首页 » ORACLE » oracle10G 加密解密之dbms_crypto (一)

oracle10G 加密解密之dbms_crypto (一)

DBMS_CRYPTO

oracle10g 提供的DBMS_CRYPTO 用来替换8I,9I前的DBMS_OBFUSCATION_TOOLKIT 包,这个包在10G以前的版本是没有的,它提供了更多的加密算法应用更方便。

* Cryptographic algorithms – DES, 3DES, AES, RC4, 3DES_2KEY
* Padding forms – PKCS5, zeroes
* Block cipher chaining modes – CBC, CFB, ECB, OFB
* Cryptographic hash algorithms – MD5, SHA-1, MD4
* Keyed hash (MAC) algorithms – HMAC_MD5, HMAC_SH1
* Cryptographic pseudo-random number generator – RAW, NUMBER, BINARY_INTEGER
* Database types – RAW, CLOB, BLOB

包的创建方法
sql>@{ORACLE_HOME}/rdbms/admin/dbmsobtk.sql

SET LONG 10000
select dbms_metadata.get_ddl('PACKAGE','DBMS_CRYPTO') FROM DUAL;

DBMS_METADATA.GET_DDL('PACKAGE','DBMS_CRYPTO')
--------------------------------------------------------------------------------

CREATE OR REPLACE PACKAGE "SYS"."DBMS_CRYPTO" AS
---------------------------------------------------------------------------
--
-- PACKAGE NOTES
--
-- DBMS_CRYPTO contains basic cryptographic functions and
-- procedures. To use correctly and securely, a general level of
-- security expertise is assumed.
--
-- VARCHAR2 datatype is not supported. Cryptographic operations
-- on this type should be prefaced with conversions to a uniform
-- character set (AL32UTF8) and conversion to RAW type.
--
-- Prior to encryption, hashing or keyed hashing, CLOB datatype is
-- converted to AL32UTF8. This allows cryptographic data to be
-- transferred and understood between databases with different
-- character sets, across character set changes and between
-- separate processes (for example, Java programs).
--
---------------------------------------------------------------------------

-------------------------- ALGORITHM CONSTANTS ----------------------------
-- The following constants refer to various types of cryptographic
-- functions available from this package. Some of the constants
-- represent modifiers to these algorithms.
---------------------------------------------------------------------------

-- Hash Functions
HASH_MD4 CONSTANT PLS_INTEGER := 1;
HASH_MD5 CONSTANT PLS_INTEGER := 2;
HASH_SH1 CONSTANT PLS_INTEGER := 3;

-- MAC Functions
HMAC_MD5 CONSTANT PLS_INTEGER := 1;
HMAC_SH1 CONSTANT PLS_INTEGER := 2;

-- Block Cipher Algorithms
ENCRYPT_DES CONSTANT PLS_INTEGER := 1; -- 0x0001
ENCRYPT_3DES_2KEY CONSTANT PLS_INTEGER := 2; -- 0x0002
ENCRYPT_3DES CONSTANT PLS_INTEGER := 3; -- 0x0003
ENCRYPT_AES CONSTANT PLS_INTEGER := 4; -- 0x0004
ENCRYPT_PBE_MD5DES CONSTANT PLS_INTEGER := 5; -- 0x0005
ENCRYPT_AES128 CONSTANT PLS_INTEGER := 6; -- 0x0006
ENCRYPT_AES192 CONSTANT PLS_INTEGER := 7; -- 0x0007
ENCRYPT_AES256 CONSTANT PLS_INTEGER := 8; -- 0x0008

-- Block Cipher Chaining Modifiers
CHAIN_CBC CONSTANT PLS_INTEGER := 256; -- 0x0100
CHAIN_CFB CONSTANT PLS_INTEGER := 512; -- 0x0200
CHAIN_ECB CONSTANT PLS_INTEGER := 768; -- 0x0300
CHAIN_OFB CONSTANT PLS_INTEGER := 1024; -- 0x0400

-- Block Cipher Padding Modifiers
PAD_PKCS5 CONSTANT PLS_INTEGER := 4096; -- 0x1000
PAD_NONE CONSTANT PLS_INTEGER := 8192; -- 0x2000
PAD_ZERO CONSTANT PLS_INTEGER := 12288; -- 0x3000
PAD_ORCL CONSTANT PLS_INTEGER := 16384; -- 0x4000

-- Stream Cipher Algorithms
ENCRYPT_RC4 CONSTANT PLS_INTEGER := 129; -- 0x0081

-- Convenience Constants for Block Ciphers
DES_CBC_PKCS5 CONSTANT PLS_INTEGER := ENCRYPT_DES
+ CHAIN_CBC
+ PAD_PKCS5;

DES3_CBC_PKCS5 CONSTANT PLS_INTEGER := ENCRYPT_3DES
+ CHAIN_CBC
+ PAD_PKCS5;

AES_CBC_PKCS5 CONSTANT PLS_INTEGER := ENCRYPT_AES
+ CHAIN_CBC
+ PAD_PKCS5;

...

注意下面的语法有问题

SQL>; l
1 CREATE OR REPLACE PACKAGE pkg_secure
2 IS
3 typ PLS_INTEGER :=DBMS_CRYPTO.ENCRYPT_AES256
4 +DBMS_CRYPTO.CHAIN_CBC
5 +DBMS_CRYPTO.PAD_PKCS5;
6 key CONSTANT RAW(32) :='mark123';
7
8 FUNCTION encrypt(input RAW) RETURN RAW;
9
10 FUNCTION decrypt(encry_str RAW) RETURN RAW;
11
12* END;
SQL> /

Package created.

SQL>; l
1 CREATE OR REPLACE PACKAGE BODY pkg_secure
2 IS
3 FUNCTION encrypt(input RAW) RETURN RAW
4 IS
5 BEGIN
6 RETURN dbms_crypto.encrypt(input,typ,key);
7 END;
8 FUNCTION decrypt(encry_str RAW ) RETURN RAW
9 IS
10 BEGIN
11 RETURN dbms_crypto.decrypt(encry_str,typ,key);
12 END;
13* END;
 /

Package body created.

因篇幅原因,下篇继续

打赏

,

对不起,这篇文章暂时关闭评论。