RE: DBMS_CRYPTO Error

  • From: "Kenneth Naim" <kennethnaim@xxxxxxxxx>
  • To: <oracle@xxxxxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 24 Apr 2012 10:39:40 -0400

Good Morning Norman,
Thanks, I did figure out that it had to be padded and it seems in 11g there
are a few built in padding options (PAN_NONE, PAD_ZERO, PAD_ORCL etc.) which
I'm now using and the code is working. 

Ken

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Norman Dunbar
Sent: Tuesday, April 24, 2012 2:35 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: DBMS_CRYPTO Error

Morning Ken,

On 23/04/12 20:54, Norman Dunbar wrote:
> I'm not 100% sure as I'm away from my desk at present, but I think 
> when I used DES3 a few years ago, I needed to pad the text to be 
> encrypted to a multiple of some length. I'll check tomorrow.

I'm in the office and I've checked my code. It is true, the data to be
encrypted needs to be a multiple of 8 characters long. As per this from my
code's package body:

function encrypt(iString in blob) return blob as
        vData raw(1024);
        vBlob blob;

begin
        -- Extract raw data, pad it out &  encrypt it
        vData := BlobToRaw(iBlob => iString,
                        iPad => true);

        vData := dbms_obfuscation_toolkit.DESEncrypt(...);


The BlobToRaw code is this:


function BlobToRaw(iBlob in blob, iPad in boolean := true) as
        vRaw raw(1024;
        vLength number;
        vPad integer
        ...
begin
        vLength := dbms_lob.GetLength(iBlob);
        if (vLength <> 0) then
                -- Read blob into raw
                ...
        end if;

        -- Pad if required
        if (iPad) then
                vPad := 8 - mod(vLength, 8);
                if (vPad <> 0) then
                vRaw := utl_raw.concat(vRaw,
                                utl_raw.cast_to_raw(rpad(chr(0),
                                                        vPad,
                                                        chr(0))
                                )
                        );
                end if;
        end if;
...

I remember reading somewhere that the data has to be an exact multiple of 8
characters long. In the docs for dbms_obfuscation_toolkit for 9i I think.

I also note that I seem to have used the iPad name long before Apple, wonder
if I can sue!  ;-)

By the way, this was part of a password vault system I had to write many
many years ago, all my data are well short of the 1024 characters I'm using
for the RAWs above.


HTH

Cheers,
Norm.

--
Norman Dunbar
Dunbar IT Consultants Ltd

Registered address:
Thorpe House
61 Richardshaw Lane
Pudsey
West Yorkshire
United Kingdom
LS28 7EL

Company Number: 05132767
--
//www.freelists.org/webpage/oracle-l


-----

Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2411/4955 - Release Date: 04/23/12

-----

Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2411/4956 - Release Date: 04/24/12

--
//www.freelists.org/webpage/oracle-l

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 04-2012