Oracle 10g 加密包 DBMS_CRYPTO

Oracle DBMS_CRYPTO

Version 10.2

　

General Information
Source	{ORACLE_HOME}/rdbms/admin/dbmsobtk.sql
Algorithm Constants	Name Data Type Value Hash Functions HASH_MD4 (128 bit hash) PLS_INTEGER 1 HASH_MD5 (128 bit hash) PLS_INTEGER 2 HASH_SH1 (160 bit hash) PLS_INTEGER 3 MAC Functions HMAC_MD5 (128 bit hash) PLS_INTEGER 1 HMAC_SH1 (160 bit hash) PLS_INTEGER 2 Block Cipher Algorithms ENCRYPT_DES (56 bit) PLS_INTEGER 1; -- 0x0001 ENCRYPT_3DES_2KEY (128 bit) PLS_INTEGER 2; -- 0x0002 ENCRYPT_3DES PLS_INTEGER 3; -- 0x0003 ENCRYPT_AES128 (128 bit) PLS_INTEGER 6; -- 0x0006 ENCRYPT_AES192 (192 bit) PLS_INTEGER 7; -- 0x0007 ENCRYPT_AES256 (256 bit) PLS_INTEGER 8; -- 0x0008 ENCRYPT_RC4 (Stream Cipher) PLS_INTEGER 129; -- 0x0081 Block Cipher Chaining Modifiers CHAIN_CBC (Cipher Block Chaining) PLS_INTEGER 256; -- 0x0100 CHAIN_CFB (Cipher Feedback) PLS_INTEGER 512; -- 0x0200 CHAIN_ECB (Electronic cookbook) PLS_INTEGER 768; -- 0x0300 CHAIN_OFB (Output Feedback) PLS_INTEGER 1024; -- 0x0400 Block Cipher Padding Modifiers PAD_PKCS5 (Complies with PKCS #5) PLS_INTEGER 4096; -- 0x1000 PAD_NONE (No Dadding) PLS_INTEGER 8192; -- 0x2000 PAD_ZERO (Pad with Zeros) PLS_INTEGER 12288; -- 0x3000 Block Ciphers Suites DES_CBC_PKCS5 PLS_INTEGER ENCRYPT_DES + CHAIN_CBC + PAD_PKCS5; DES3_CBC_PKCS5 PLS_INTEGER ENCRYPT_3DES + CHAIN_CBC + PAD_PKCS5;
Dependencies	DBMS_CRYPTO_FFI DECRYPTBYTES ENCRYPTBYTES DECRYPT ENCRYPT UTL_RAW
Exceptions	Error Code Reason 28827 The specified cipher suite is not defined 28829 No value has been specified for the cipher suite to be used 28233 Source data was previously encrypted 28234 DES: Specified key size too short. DES keys must be at least 8 bytes (64 bits). AES: Specified key size is not supported. AES keys must be 128, 192, or 256 bits 28239 The encryption key has not been specified or contains a NULL value
DECRYPT
Decrypt crypt text data using stream or block cipher with user supplied key and optional iv Overload 1	dbms_crypto.decrypt(src IN RAW, typ IN PLS_INTEGER, key IN RAW, iv  IN RAW DEFAULT NULL) RETURN RAW;
	See Encrypt Overload 1 demo
Overload 2	dbms_crypto.decrypt(dst IN OUT NOCOPY BLOB, src IN BLOB, typ IN PLS_INTEGER, key IN RAW, iv  IN RAW DEFAULT NULL);
Overload 3	dbms_crypto.decrypt (dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS, src IN BLOB, typ IN PLS_INTEGER, key IN RAW,  iv  IN RAW DEFAULT NULL);
ENCRYPT
Encrypt plain text data using stream or block cipher with user supplied key and optional iv Overload 1	dbms_crypto.encrypt(src IN RAW, typ IN PLS_INTEGER, key IN RAW,  iv IN RAW DEFAULT NULL) RETURN RAW;
	set serveroutput on DECLARE  l_credit_card_no VARCHAR2(19) := '1234-5678-9012-3456';  l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);  l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');  l_encrypted_raw RAW(2048);  l_decrypted_raw RAW(2048); BEGIN   dbms_output.put_line('Original : ' || l_credit_card_no);   l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw,   dbms_crypto.des_cbc_pkcs5, l_key);   dbms_output.put_line('Encrypted : ' ||   RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));   l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw,   typ => dbms_crypto.des_cbc_pkcs5, key => l_key);   dbms_output.put_line('Decrypted : ' ||   utl_raw.cast_to_varchar2(l_decrypted_raw)); END; /
	set serveroutput on DECLARE  enc_val   RAW(2000);  l_key     RAW(2000);  l_key_len NUMBER := 128/8; -- convert bits to bytes  l_mod     NUMBER := dbms_crypto.ENCRYPT_AES128  + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_PKCS5; BEGIN   l_key := dbms_crypto.randombytes(l_key_len);   enc_val := dbms_crypto.encrypt(   utl_i18n.string_to_raw('1234-5678-9012-3456', 'AL32UTF8'),   l_mod, l_key);   dbms_output.put_line(enc_val); END; /
Overload 2	dbms_crypto.encrypt(dst IN OUT NOCOPY BLOB, src IN BLOB,  typ IN PLS_INTEGER, key IN RAW, iv  IN RAW DEFAULT NULL);
Overload 3	dbms_crypto.encrypt(dst IN OUT NOCOPY BLOB,  src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER, key IN RAW, iv  IN RAW DEFAULT NULL);
dbms_crypto.encrypt(UTL_RAW.CAST_TO_RAW(CONVERT('XXX','AL32UTF8')),typ,key);
HASH
Hash source data by cryptographic hash type Overload 1	dbms_crypto.hash(src IN RAW, typ IN PLS_INTEGER) RETURN RAW;
Overload 2	dbms_crypto.hash(src IN BLOB, typ IN PLS_INTEGER) RETURN RAW;
Overload 3	dbms_crypto.hash(src IN CLOB CHARACTER SET ANY_CS,  typ IN PLS_INTEGER) RETURN RAW;
MAC
Message Authentication Code algorithms provide keyed message protection Overload 1	dbms_crypto.mac(src IN RAW, typ IN PLS_INTEGER, key IN RAW)  RETURN RAW;
Overload 2	dbms_crypto.mac(src IN BLOB, typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
Overload 3	dbms_crypto.mac(src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER, key IN RAW) RETURN RAW;
RANDOMBYTES
Returns a raw value containing a pseudo-random sequence of bytes	dbms_crypto.randomnytes(number_bytes PLS_INTEGER) RETURN RAW;
	SELECT dbms_crypto.randombytes(1) FROM dual; SELECT LENGTH(dbms_crypto.randombytes(1)) FROM dual; SELECT dbms_crypto.randombytes(28) FROM dual; SELECT LENGTH(dbms_crypto.randombytes(28)) FROM dual; SELECT dbms_crypto.randombytes(64) FROM dual; SELECT LENGTH(dbms_crypto.randombytes(64)) FROM dual;
RANDOMINTEGER
Returns a random BINARY_INTEGER	dbms_crypto.randominteger RETURN NUMBER;
	SELECT dbms_crypto.randominteger FROM dual;
RANDOMNUMBER
Returns a random Oracle Number	dbms_crypto.randomnumber RETURN NUMBER;
	SELECT dbms_crypto.randomnumber FROM dual;