有人知道JDeveloper / SQL Developer使用哪种加密技术来保存凭据? [英] Does anybody know what encrypting technique is JDeveloper/SQL Developer using to persist credentials?
问题描述
我非常感兴趣,因为我需要实现类似的解决方案,所以我要了解这里使用哪种技术来保存合理的数据。以下是示例连接配置和生成的导出代码段:
I'd be more than interesting for me to understand which technique is being used here to persist sensible data since I'm needing to implement a similar solution. Here's a sample connection configuration and the resulting exported snippet:
Oracle SQL Developer Connections http://i44.tinypic.com/2lcwpkg.gif
<?xml version = '1.0' encoding = 'UTF-8'?>
<References xmlns="http://xmlns.oracle.com/adf/jndi">
<Reference name="My Connection" className="oracle.jdeveloper.db.adapter.DatabaseProvider" xmlns="">
<Factory className="oracle.jdeveloper.db.adapter.DatabaseProviderFactory"/>
<RefAddresses>
<StringRefAddr addrType="user">
<Contents>username</Contents>
</StringRefAddr>
<StringRefAddr addrType="password">
<Contents>054D4844D8549C0DB78EE1A98FE4E085B8A484D20A81F7DCF8</Contents>
</StringRefAddr>
<SKIPPED />
</RefAddresses>
</Reference>
</References>
任何建议都会非常感激。
Any advice would be really appreciated.
推荐答案
对于好奇的人,您实际看到的是与加密密码连接的密钥。例如,我尝试使用以下方法加密密码SAILBOAT:
For the curious, what you're actually seeing is the secret key concatenated with the encrypted password. For example, I tried encrypting the password "SAILBOAT" using:
DatabaseProviderHelper.goingOut("SAILBOAT")
在这个特定的例子中,结果是:
In this particular instance, the result was:
0527C290B40C41D71139B5E7A4446E94D7678359087249A463
第一个字节是常数:
05
接下来的8个字节代表随机生成的密钥(对于DES密码):
The next 8 bytes represent the randomly generated secret key (for the DES cipher):
27C290B40C41D711
剩余字节是加密密码:
39B5E7A4446E94D7678359087249A463
因此,要解密密码,你只需使用它:
Therefore, to decrypt the password, you simply use this:
public static byte[] decryptPassword(byte[] result) throws GeneralSecurityException {
byte constant = result[0];
if (constant != 5) {
throw new IllegalArgumentException();
}
byte[] secretKey = new byte[8];
System.arraycopy(result, 1, secretKey, 0, 8);
byte[] encryptedPassword = new byte[result.length - 9];
System.arraycopy(result, 9, encryptedPassword, 0, encryptedPassword.length);
byte[] iv = new byte[8];
for (int i = 0; i < iv.length; i++) {
iv[i] = 0;
}
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKey, "DES"), new IvParameterSpec(iv));
return cipher.doFinal(encryptedPassword);
}
这篇关于有人知道JDeveloper / SQL Developer使用哪种加密技术来保存凭据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!