PL/SQL :: AES128 Encryption Compatible With Oracle And C#
Jun 20, 2013
I am trying to have an encryption logic written in Pl/SQL that could decrypt the value which is encrypted in Dot Net, using AES128 algorithm. Everytime when i try to have the decryption done, i lands up in one or the other error message. Below is the code snippet which i use. create or replace
FUNCTION decryptAES (EncryptedText IN VARCHAR2,EncKey IN VARCHAR2) RETURN VARCHAR2 DETERMINISTIC IS key_bytes_raw RAW (2048); l_ decrypted_raw RAW (2048); encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES128; BEGIN key_bytes_ raw:= UTL_RAW. CAST_TO_ RAW (EncKey); l_decrypted_raw := dbms_crypto.decrypt (src =>utl_raw.cast_to_raw(EncryptedText), typ => encryption_type, key => key_bytes_raw ); RETURN (UTL_RAW.CAST_TO_VARCHAR2 (l_decrypted_raw)); END decryptAES.
can we query this without login to the oracle database from linux os?database is up and running . /apps/oracle/product/11.2.0/dbhome/bin/sqlplus system/passwd select name from v$database;
I encrypted the column but when i check through strings command the data is still not encrypted,i created the wallet etc etc,set proper path in sqlnet.ora
I would like to know the reason why the database is on unencrypted format by default,there must be some reason behind this, i hear from someone that encrypted data degrade performance thats the reasons its on unencrypted format by default.
Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options
SQL> ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "XXX"; ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "XXX" * ERROR at line 1: ORA-28368: cannot auto-create wallet
As you can see the directory is not created.
ls -ld /oracle/10.2.0.1.0/network/admin/encryption_wallet ls: 0653-341 The file /oracle/10.2.0.1.0/network/admin/encryption_wallet does not exist.
The directory above where I want to create my wallet is owned by oracle, which is the user I am running sqlplus as (see below)
I want to upgrade our database version (9.2.0.7) to 10g (10.2.0.2)
I know if I set COMPATIBLE parameter to 10.2.0.2 at first then I can't downgrade to 9.2.0.7 if any problem occurs I am not sure that our application can deal with 10g or not so I think it's better to leave the COMPATIBLE parameter to 9.2.0 several days for sure and if all things go well then change COMPATIBLE to 10.2.0.2 (I need to say that I can’t test our application in a test environment )
Now do you think leaving COMPATIBLE to 9.2.0 (after upgrade) for many days can cause any problem to Database ?
I am using apex 4.0.2.00.09 and when I Tried to import jrxml2pdf-1.2.0.2.releas from the application it gave me 1 error has occurredNOT COMPATIBLE (Your export may contain calls not supported by your application version.)
While searching for password encryption I came across these statements.
1.Password Encryption While Connecting. This protection is always in force, by default. Passwords are always automatically and transparently encrypted during network (client/server and server/server) connections, using a modified DES (Data Encryption Standard) or 3DES algorithm, before sending them across the network.
Confirm whether by default oracle encrypts the password before sending it to the database across the network even when the clear text password is used for connecting from a jdbc client.
As per my understanding connections should start to fail from client side after addition of these parameter on server side sqlnet.ora (no changes to client side sqlnet.ora).I am still able to connect to this server without connections getting failed.
I already checked aso is installed on this database.Just to add it is a RAC database with 2 nodes.
Can i get some documents on oracle RAC database encryption.?what are the pros and cons of encryption?Does this comes with oracle Database or something we need to buy from oracle sales persons?
We had a query whether, oracle apex 4.0 and above is IPv6 compatible or compliant ? We use Oracle apache HTTP Server as the application server and oracle 11G database.
We are attempting to configure/use OEM (Oracle 10.2.0.4) on Solaris, and when logging in to OEM we are directed to the Database Down page, stating Enterprise Manager is unable to connect to the database instance, but showing all the components as up/open. After checking the log, I found the following error:
IO exception: Unknown Encryption or Data Integrity algorithm
I checked the settings in emoms.properties and compared the encryption parameters to those in our SQLNet file, and all match up. We are NOT using Grid Control, just db control connecting to 1 instance.
SQL*Plus: Release 11.2.0.1.0 Production on Tue Sep 28 17:07:53 2010 SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "DeciPher"; ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "DeciPher" * ERROR at line 1: ORA-28374: typed master key not found in wallet
Our Audit Company has given us a recommendation:"Old DB Link encrypted Passwords: The password of the Oracle databases links are encrypted using DES (password starts with 05). This encryption methord is known and users can decrypt the passwords using a simple SQL query. Please recreate the database links to use the new encryption method (password starts with 06)."What does it mean and how can we perform this recommendation?
Recently the Oracle10g database has been migrated to UTF8 character set and the following have failed.
1. The password applied is not getting encrypted and the password contains a spanish characters.
Getting the below error.
"10057:ERROR WHILE ENCRYPTING GIVEN STRING:String:Uñomasuño5.::ORA-28232: invalid input length for obfuscation toolkit:-28232:ORA-28232: invalid input length for obfuscation toolkit"
The algorithm used for encryption DES. I tried with DESENCRYPT , DES3ENCRPYT and MD5 and it failing.
Actually i am migrating forms from 6i to 10g Here i need to set the window which should be fit in the browser(internet explorer) resolution and it should be compatible for any resolution?
i have tried by changing width and height in formsweb.cfg file but it is not compatible for different resolutions...
I am trying to use oracle wallet with the new odp.net managed driver, but I am getting
"invalid username/password".
As the wallet itself is ok (it works with the unmanaged client), seems to me that this new provider is not fully compatible with Oracle Wallet. Is this true? I am trying this:
1. Oracle DB Binaries: 11.2.0.2.2 2. Using dbca to create General Purpose Database and then modify initialization parameter "COMPATIBLE from 11.2.0.0.0 to 10.2.0.3.0" in the "All Initialization Parameters" window.
So, when I finally start installing database, I get following error during the install:
ORA-00201: control file version 11.2.0.0.0 incompatible with ORACLE version 10.2.0.3.0 ORA-00202: control file: '/u01/app/oracle/cfgtoollogs/dbca/infpp1/tempControl.clt'
IGNORE OR ABORT...
Now you might ask why i am doing this. Actually I want to install fresh 11grel2. database with lower compatible parameter. IMPORT DP custom schemas into this database making sure compatible is set to 10.2.0.3.0. Then run database with such settings for a week and finally change compatible parameter to 11.2.0.0.0
Any thoughts where i am going wrong? as the default template seems not accepting what i am interested to do.
Our client is having requirements that data should be encrypted through-out the process (from transaction level to backup level).
Requirements are as below -
1) Data should be encrypted and can be access only through application (through front end). 2) Even if pl/sql, sql installed, developer user cannot able to fetch data from database. 3) Even DBA, should not have access to fetch the data from the database. 4) Only assigned DBA, should fetch details from database (provided he/she should have details of database as well as application's user / password). 5) It should be restricted by ip and user details (such as ip of application server with user/password of user). 6) Changes should be purely done from database level only.
I have created a wallet (11g R2 OEL 5.5) using the OWM.Tried opening the wallet (encryption_wallet_location set in sqlnet.ora). then while creating a table it said the master encryption key is not present. Have created the master key using the following command.
alter system set encryption key identified by "Password";
Here the strange thing i observed is that when we create a wallet using the OWM, it asks for the password and when i open the same wallet the master key is not created and it allows the master key to be generated with the same password that i have created the wallet in the first place with the OWM, with any other passwords it says that the wallet is not open.
After creating the wallet and creating the master key... I have the following questions, and its becoming quite hard to find the solutions as well.
1. Can we have multiple encryption keys... say i want to encrypt a table or column with one key and other with an another key. 2. How many keys can we have for objects in the table? or can we have only one key and many certificates. 3. wallet created, and encrypted tables present, the wallet is not in auto open mode, but somehow the database open after it is shutdown, here no encrypted tablespaces are present. 4. while creating an encrypted tablespace the default storage (encrypt ) has to be added to the add tablespace clause.
We have got a new requirement wherein, The customer wanted the DBA Vendor (US) NOT to access the confidential information (ALL Columns) in the DB tables of PRODUCTION database. This is for few applications to comply with with export control rules. The thin support by Customer DBA will be allowed to access the Data, if required .
1) Web Based Interface ?. 2) DB Encryption (But if we encrypt ALL columns Serious performance issue expected, File level will not restrict DB level access) 3) Special setting on DB (DBA to do only backup and restoration related work only - But cannot access data) 4) Standard Tools / Utilities / Others ??.
How oracle deals with the setting of init.ora parameter compatible.
e.g. we have DB Version=10.2.0.4 compatible=10.2.0
what is the possible leak for us ? Is there any description about the features changed in 10.2 up to 10.2.0.4 in all steps - so that we can check out which functions we do not have.
