I figured it out. For reasons I'm not 100% sure, des allows me to encrypt a 14 character string while 3des doesn't. From: Kenneth Naim [mailto:kennethnaim@xxxxxxxxx] Sent: Monday, April 23, 2012 3:13 PM To: Oracle-L Group (oracle-l@xxxxxxxxxxxxx) Subject: DBMS_CRYPTO Error I took the following example from MOS note 956603.1 and modified the key to use an md5 hash of a passphrase I made up. It runs without issue. Original with new key create or replace function encrypt(v_string in varchar2) return varchar2 is encrypted_raw RAW (2000); encryption_type PLS_INTEGER := SYS.DBMS_CRYPTO.ENCRYPT_DES + SYS.DBMS_CRYPTO.CHAIN_CBC + SYS.DBMS_CRYPTO.PAD_PKCS5; v_key raw(128) := utl_i18n.string_to_raw( 'b505560de8ca30bcb640dc5521ea75c3', 'AL32UTF8' ); begin dbms_output.put_line(v_key); encrypted_raw := DBMS_CRYPTO.ENCRYPT ( src => UTL_I18N.STRING_TO_RAW (v_string,'AL32UTF8'), typ => encryption_type, key => v_key ); return RAWTOHEX(encrypted_raw); end encrypt; / When I change the encryption_type to use triple des instead of des and chain_cdc to chain_ecb I get this error ORA-28817: PL/SQL function returned an error. ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3 ORA-06512: at "SYS.DBMS_CRYPTO", line 13 ORA-06512: at "ENCRYPT", line 10 Modified to triple des. create or replace function encrypt(v_string in varchar2) return varchar2 is encrypted_raw RAW (2000); encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_3DES + DBMS_CRYPTO.CHAIN_ECB + DBMS_CRYPTO.PAD_NONE; --SYS.DBMS_CRYPTO.ENCRYPT_DES + SYS.DBMS_CRYPTO.CHAIN_CBC + SYS.DBMS_CRYPTO.PAD_PKCS5; v_key raw(256) := utl_i18n.string_to_raw( 'b505560de8ca30bcb640dc5521ea75c3', 'AL32UTF8' ); begin dbms_output.put_line(v_key); encrypted_raw := DBMS_CRYPTO.ENCRYPT ( src => UTL_I18N.STRING_TO_RAW (v_string,'AL32UTF8'), typ => encryption_type, key => v_key ); return RAWTOHEX(encrypted_raw); end encrypt; / I need to use 3des and chain_ecb to replace a piece of an application that is no longer begin used. Any help would be appreciated. I've searched MOS and google, tried it in every config I can think of but I still get that error. Thank you, Ken Naim _____ Checked by AVG - www.avg.com Version: 2012.0.1913 / Virus Database: 2411/4954 - Release Date: 04/23/12 _____ Checked by AVG - www.avg.com Version: 2012.0.1913 / Virus Database: 2411/4954 - Release Date: 04/23/12 -- //www.freelists.org/webpage/oracle-l