适用于PKCS7的Oracle dbms_crypto [英] Oracle dbms_crypto for PKCS7
问题描述
我的要求是执行dbms_crypto工具以解密从DOTNET端加密的表中的加密列. 看起来在dotnet中使用了PKCS7方法,在Oracle中我找不到相应的填充; PKCS5可用.
My requirement is to peform the dbms_crypto tool to decrypt the encrypted column from a table which is encrypted from DOTNET end. It looks that PKCS7 method is used in dotnet where in I am unable to find corresponding padding in Oracle side; PKCS5 is available.
如果可以从plsql方面获得所需的值,谁能帮助我?
Can anyone help me if this is possible from plsql side to get the required values:
下面给出的点网加密代码:
Dot Net encryption code given below:
private static void Encrypt()
{
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes("ID:5031743749436704");
byte[] keyArray = new byte[16] {
34,
170,
219,
38,
68,
125,
135,
181,
80,
177,
85,
164,
215,
100,
250,
208 };
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.CBC;
//padding mode(if any extra byte added)
tdes.IV = new byte[8];
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateEncryptor();
//transform the specified region of bytes array to resultArray
byte[] resultArray =
cTransform.TransformFinalBlock(toEncryptArray, 0,
toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
string enCryptedString = Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
private static void Decrypt()
{
byte[] toEncryptArray = Convert.FromBase64String("T71mQdBbEwnk5kZKAc+16kgsrln4EkCJ");
byte[] keyArray = new byte[16] {
34,
170,
219,
38,
68,
125,
135,
181,
80,
177,
85,
164,
215,
100,
250,
208 };
//string s = Convert.ToBase64String(keyArray);
//string s1 = UTF8Encoding.UTF8.GetString(keyArray);
//string s3 = UTF32Encoding.UTF32.GetString(keyArray);
//string s4 = UTF7Encoding.UTF7.GetString(keyArray);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.CBC;
//padding mode(if any extra byte added)
//tdes.Padding = PaddingMode.PKCS7;
tdes.IV = new byte[8];
ICryptoTransform cTransform = tdes.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(
toEncryptArray, 0, toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//return the Clear decrypted TEXT
string decryptedString = UTF8Encoding.UTF8.GetString(resultArray);
string s2 = Convert.ToBase64String(resultArray); // Base 64 string of raw cc token
var str = System.Text.Encoding.Default.GetString(new byte[8]);
}
Oracle尝试如下:
Oracle try given below:
--encrypt
SET SERVEROUTPUT ON;
DECLARE
l_encrypted RAW(128);
BEGIN
l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'),
typ => dbms_crypto.des3_cbc_pkcs5,
key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
END;
/
/*
actual result: VOsHqOuCJUSVYMta4Bz2tSe/aMDN+Ol9
expected result: oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t
*/
--decrypt
SET SERVEROUTPUT ON;
DECLARE
l_decrypted RAW(128);
BEGIN
l_decrypted := dbms_crypto.decrypt(src => utl_encode.base64_decode(utl_raw.cast_to_RAW('oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t')),
typ => DBMS_CRYPTO.des3_cbc_pkcs5,
key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/
/*
actual result:
Error report -
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 4
28817. 00000 - "PL/SQL function returned an error."
*Cause: A PL/SQL function returned an error unexpectedly.
*Action: This is an internal error. Enable tracing to find more
information. Contact Oracle customer support if needed.
*Document: NO
expected result: ID:5031743749436704
*/
推荐答案
正如Mark所说,dbms_crypto
当前不支持PKCS7.
As Mark said, PKCS7 is not currently supported by dbms_crypto
.
要回答有关为什么PKCS5代码因(毫无帮助的"错误)"PL/SQL函数意外返回错误"而失败的问题,您遇到的问题是您正在调用的用于转换值的函数src
和key
参数不太正确.您无需调用utl_encode.base64_decode
即可转换原始键值.同样,传递给src
的值应该与从原始加密的原始数据转换为字符串的方式相反-即,为了显示加密的值,您调用了utl_encode.base64_encode
,然后是utl_i18n.raw_to_char
.要将结果字符串转换回原始字符串,您需要进行完全相反的操作-即先调用utl_i18n.string_to_raw
,再调用utl_encode.base64_decode
.
To answer your question about why your PKCS5 code failed with the (admittedly unhelpful) error "A PL/SQL function returned an error unexpectedly.", the problem in your case is that the functions you are calling to convert the values for the src
and key
parameters are not quite correct. You don't need to call utl_encode.base64_decode
to convert the raw key values. Also, the value you pass to src
should be the reverse of how you converted from the original encrypted raw into a string - i.e. to display the encrypted value, you called utl_encode.base64_encode
followed by utl_i18n.raw_to_char
. To convert the resulting string back into a raw, you need to do the exact reverse - i.e. call utl_i18n.string_to_raw
followed by utl_encode.base64_decode
.
这是一个有效的示例:
SET SERVEROUTPUT ON;
DECLARE
l_encrypted RAW(128);
l_decrypted RAW(128);
l_key RAW(128);
BEGIN
l_key := utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==');
l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'),
typ => dbms_crypto.des3_cbc_pkcs5,
key => l_key
);
dbms_output.put_line(
UTL_I18N.RAW_TO_CHAR(
utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
l_encrypted := utl_encode.base64_decode(
utl_i18n.string_to_raw('tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday','AL32UTF8'));
dbms_output.put_line(
UTL_I18N.RAW_TO_CHAR(
utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
l_decrypted := dbms_crypto.decrypt(src => l_encrypted,
typ => DBMS_CRYPTO.des3_cbc_pkcs5,
key => l_key
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
ID:5031743749436704
这篇关于适用于PKCS7的Oracle dbms_crypto的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!