Oracle PL/SQL code encryption and decryption

Using Oracle PL/SQL code encryption to protect the business logic is very useful in some scenarios. The following is a simple arrangement:

1. Use the Wrap command to encrypt

2. Use the dbms_ddl package for encryption

Iii. Oracle encryption principles

4. Encryption Code cracking

1. Use the Wrap command to encrypt

1. Create an example file pro_wrap. SQL

create or replace procedure pro_wrap isbegin   dbms_output.put_line('Wrap Demo');end pro_wrap;

2. Use the wrap command to generate pld Encrypted Files

Wrap iname = c: \ pk \ pro_wrap. SQL oname = c: \ pk \ pro_wrap.plb

C: \ pk> wrap iname = c: \ pk \ pro_wrap. SQL oname = c: \ pk \ pro_wrap.plbPL/SQL Wrapper: Release 11.2.0.1.0-64bit Production on Tuesday March 25 21:58:20 2014 Copyright (c) 1993,200 9, Oracle. all rights reserved. processing c: \ pk \ pro_wrap. SQL to c: \ pk \ pro_wrap.plb

3. Use the encrypted file pro_wrap.pld to generate a stored procedure

C: \ pk> sqlplus/as sysdbaSQL * Plus: Release 11.2.0.1.0 Production on Tuesday March 25 22:17:19 2014 Copyright (c) 1982,201 0, Oracle. all rights reserved. connect to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0-64bit ProductionWith the Partitioning, OLAP, Data Mining and Real Application Testing optionsSQL> set serveroutput onSQL> @ c: the \ pk \ pro_wrap.plb process has been created. SQL> exec pro_wrap; the Wrap DemoPL/SQL process has been completed successfully.

The exec test shows that the stored procedure is successfully executed.

4. verify whether the code is encrypted.

SQL> set newpage noneSQL> set heading offSQL> set space 0SQL> set pagesize 0SQL> set trimout onSQL> set trimspool onSQL> set linesize 2500SQL> SELECT dbms_metadata.get_ddl('PROCEDURE','PRO_WRAP') FROM dual;  CREATE OR REPLACE PROCEDURE "SYS"."PRO_WRAP" wrappeda000000354abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd750 8dcKb3/QEp0AIWOH/IyhxS2ffLbrUwg5nnm7+fMr2ywFwWFpfQlpbyVmmldIvAwDL+0oYJaWm4UpuySv4osr3nsrMdBjAsriTqsoG4yGWcd2jPMi720eokHwKpyrXOpcrGpvY5pg2Gb0c=

We can see that the garbled characters are encrypted.

II. Use the dbms_ddl package for encryption

Wrap is a command line method, while dbms_ddl package is a code encryption package provided at the beginning of 10 Gb, which can be called in the Code and is more flexible.

Use desc dbms_dll to view the specific process name and parameters. Here is a simple example to encrypt a piece of code:

SQL> declare 2 v_ SQL varchar2 (1024); 3 v_wrap varchar2 (1024); 4 begin 5 6 v_ SQL: = 'create or replace procedure pro_wrap is 7 begin 8 dbms_output.put_line (\ ''wrap Demo \ ''); 9 end pro_wrap; '; 10 11 select dbms_ddl.wrap (v_ SQL) into v_wrap from dual; 12 dbms_output.put_line ('=================== '); 13 dbms_output.put_line (v_ SQL); 14 dbms_output.put_line ('=============== '); 15 dbms_ou Tput. put_line (v_wrap); 16 end; 17 // ======================== create or replace procedure pro_wrap is begin dbms_output.put_line (\ 'Wrap demo \'); end pro_wrap; ============================ create or replace procedure pro_wrap when creating + rules/tKGBsNpabhSm7JK/iiyveeysx0GMCyuJ OrwBIG4yPKcd2jkBDIu9tHc6iQfAqnKtc6lysam9kQ5phYZH50 = PL/SQL process completed successfully.

We can see that the code before and after direct encryption is quite different.

Iii. Oracle encryption principles

The wrap process of Oracle 10g PL/SQL is to compress lzstr on the source code lz first, and then compress the data into SHA-1 to obtain a 40-bit encrypted string shstr, then, the encrypted string and the compressed string are spliced to get shstr + lzstr. Then, Oracle dual-character conversion (conversion table) is performed on the concatenated string, and the converted string is base64-encoded, finally, the encrypted string of the wrap is obtained.

4. Encryption Code cracking

Read master articles

Oracle10g unwrap technical analysis By GENXOR
Http://blogs.360.cn/blog/oracle10g-unwrap%E6%8A%80%E6%9C%AF%E5%88%86%E6%9E%90-by-genxor/

MAIL: xcl_168@aliyun.com

BLOG: http://blog.csdn.net/xcl168