用于 PKCS7 的 Oracle dbms_crypto [英] Oracle dbms_crypto for PKCS7

问题描述

我的要求是执行 dbms_crypto 工具以从 DOTNET 端加密的表中解密加密列.看起来在dotnet中使用了PKCS7方法，其中我在Oracle端找不到相应的填充；PKCS5 可用.

My requirement is to peform the dbms_crypto tool to decrypt the encrypted column from a table which is encrypted from DOTNET end. It looks that PKCS7 method is used in dotnet where in I am unable to find corresponding padding in Oracle side; PKCS5 is available.

如果可以从 plsql 方面获得所需的值，任何人都可以帮助我:

Can anyone help me if this is possible from plsql side to get the required values:

下面给出的点网加密代码:

Dot Net encryption code given below:

private static void Encrypt()
{
    byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes("ID:5031743749436704");
    byte[] keyArray = new byte[16] {
     34,
     170,
     219,
     38,
     68,
     125,
     135,
     181,
     80,
     177,
     85,
     164,
     215,
     100,
     250,
     208 };
    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    //set the secret key for the tripleDES algorithm
    tdes.Key = keyArray;
    //mode of operation. there are other 4 modes.
    //We choose ECB(Electronic code Book)
    tdes.Mode = CipherMode.CBC;
    //padding mode(if any extra byte added)
    tdes.IV = new byte[8];
    tdes.Padding = PaddingMode.PKCS7;
    ICryptoTransform cTransform = tdes.CreateEncryptor();
    //transform the specified region of bytes array to resultArray
    byte[] resultArray =
      cTransform.TransformFinalBlock(toEncryptArray, 0,
      toEncryptArray.Length);
    //Release resources held by TripleDes Encryptor
    tdes.Clear();
    //Return the encrypted data into unreadable string format
    string enCryptedString = Convert.ToBase64String(resultArray, 0, resultArray.Length);
}

private static void Decrypt()
{
    byte[] toEncryptArray = Convert.FromBase64String("T71mQdBbEwnk5kZKAc+16kgsrln4EkCJ");

    byte[] keyArray = new byte[16] {
     34,
     170,
     219,
     38,
     68,
     125,
     135,
     181,
     80,
     177,
     85,
     164,
     215,
     100,
     250,
     208 };
    //string s = Convert.ToBase64String(keyArray);

    //string s1 = UTF8Encoding.UTF8.GetString(keyArray);

    //string s3 = UTF32Encoding.UTF32.GetString(keyArray);

    //string s4 = UTF7Encoding.UTF7.GetString(keyArray);


    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    //set the secret key for the tripleDES algorithm
    tdes.Key = keyArray;
    //mode of operation. there are other 4 modes. 
    //We choose ECB(Electronic code Book)

    tdes.Mode = CipherMode.CBC;
    //padding mode(if any extra byte added)
    //tdes.Padding = PaddingMode.PKCS7;

    tdes.IV = new byte[8];

    ICryptoTransform cTransform = tdes.CreateDecryptor();

    byte[] resultArray = cTransform.TransformFinalBlock(
                         toEncryptArray, 0, toEncryptArray.Length);
    //Release resources held by TripleDes Encryptor                
    tdes.Clear();



    //return the Clear decrypted TEXT
    string decryptedString = UTF8Encoding.UTF8.GetString(resultArray);

    string s2 = Convert.ToBase64String(resultArray); // Base 64 string of raw cc token


    var str = System.Text.Encoding.Default.GetString(new byte[8]);

}

Oracle 尝试如下:

Oracle try given below:

--encrypt
SET SERVEROUTPUT ON;
DECLARE
     l_encrypted   RAW(128);
BEGIN
     l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'), 
                                        typ => dbms_crypto.des3_cbc_pkcs5, 
                                        key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') ) 
                                        );

     dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
END;
/
/*
actual result:      VOsHqOuCJUSVYMta4Bz2tSe/aMDN+Ol9
expected result:    oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t
*/


--decrypt
SET SERVEROUTPUT ON;
DECLARE
     l_decrypted RAW(128);
BEGIN
      l_decrypted := dbms_crypto.decrypt(src => utl_encode.base64_decode(utl_raw.cast_to_RAW('oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t')),
                                        typ => DBMS_CRYPTO.des3_cbc_pkcs5,
                                        key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
                                        );
      dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/

/*
actual result: 

Error report -
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 4
28817. 00000 -  "PL/SQL function returned an error."
*Cause:    A PL/SQL function returned an error unexpectedly.
*Action:   This is an internal error. Enable tracing to find more
           information. Contact Oracle customer support if needed.
*Document: NO

expected result: ID:5031743749436704
*/

推荐答案

Oracle 的 DBMS_CRYPTO 包不支持 PKCS7.

PKCS7 is not supported by Oracle's DBMS_CRYPTO package.

这里是您的选择.

这篇关于用于 PKCS7 的 Oracle dbms_crypto的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！