{"id":2143,"date":"2018-12-09T21:58:52","date_gmt":"2018-12-09T20:58:52","guid":{"rendered":"http:\/\/van-maanen.com\/?p=2143"},"modified":"2018-12-09T21:58:52","modified_gmt":"2018-12-09T20:58:52","slug":"encryption-in-oracle","status":"publish","type":"post","link":"http:\/\/archief.van-maanen.com\/?p=2143","title":{"rendered":"Encryption in Oracle"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Oracle has a nice facility to store data in an encrypted form. This allows to hide data content from users while still allowing them to see the columns. If one would like to use the encryption facilities, one must be given this grant:\u00a0GRANT EXECUTE\u00a0\u00a0ON dbms_crypto TO username;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The code to store data in an encrypted form is:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">CREATE OR REPLACE FUNCTION F_ENCRYPTION <br>(text IN VARCHAR2<br>)<br>RETURN VARCHAR2 AS <br>encrypted_text  VARCHAR2(255);<br>raw_set RAW(100);  <br>raw_password RAW(100);  <br>encryption_result RAW(100);  <br>encryption_password VARCHAR2(100) := 'bunvegni';  <br>operation_mode NUMBER; <br>BEGIN<br>        raw_set:=utl_i18n.string_to_raw(text,'AL32UTF8');    <br>        raw_password := utl_i18n.string_to_raw(encryption_password,'AL32UTF8');        <br>        operation_mode:=DBMS_CRYPTO.ENCRYPT_DES + DBMS_CRYPTO.PAD_ZERO + DBMS_CRYPTO.CHAIN_ECB;        <br>        encryption_result:=DBMS_CRYPTO.ENCRYPT(raw_set,operation_mode,raw_password);           <br>        encrypted_text := RAWTOHEX (encryption_result);  <br>        RETURN encrypted_text;<br>END F_ENCRYPTION;<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This can then be used to store data. As an example:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">create table Tom_Encrypt(naam_enc varchar2(255));<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">followed by:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">insert into Tom_Encrypt(naam_enc) values(F_ENCRYPTION('Dikke Tom')); <br>\ninsert into Tom_Encrypt(naam_enc) values(F_ENCRYPTION('Lieve Ine')); <br>\ninsert into Tom_Encrypt(naam_enc) values(F_ENCRYPTION('Paula 24 jan')); <br>\ninsert into Tom_Encrypt(naam_enc) values(F_ENCRYPTION('Stella')); <br>\ncommit;<br>\nselect * from Tom_Encrypt;<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The stored data can be seen, but the actual content remains unknown:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/van-maanen.com\/wp-content\/uploads\/2018\/12\/Untitled-9-4-1-1.png\" alt=\"\" class=\"wp-image-2161\"\/><figcaption>unknown content<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">With a special function, we are able to see the actual content. The function to decrypt is:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">CREATE OR REPLACE FUNCTION F_DECRYPTION <br>\n(encrypted_text IN VARCHAR2)<br>\nRETURN VARCHAR2 AS <br>\ndecrypted_text varchar2(255);<br>\nraw_set RAW(100);   <br>\nraw_password RAW(100);   <br>\ndecryption_result RAW(100);   <br>\ndecryption_password VARCHAR2(100) := 'bunvegni';   <br>\noperation_mode NUMBER; <br>\nBEGIN<br>\n        raw_set:=HEXTORAW(encrypted_text);   <br>\n        raw_password :=utl_i18n.string_to_raw(decryption_password,'AL32UTF8');   <br>\n        operation_mode:=DBMS_CRYPTO.ENCRYPT_DES + DBMS_CRYPTO.PAD_ZERO + DBMS_CRYPTO.CHAIN_ECB;      <br>\n        decryption_result:=DBMS_CRYPTO.DECRYPT(raw_set,operation_mode,raw_password);   <br>\n        dbms_output.put_line(decryption_result);   <br>\n        decrypted_text := utl_i18n.raw_to_char (decryption_result,'AL32UTF8'); <br>\n        RETURN decrypted_text;<br>\nEND F_DECRYPTION;<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This then allows us to see the content. The SQL code is:\u00a0select F_DECRYPTION(naam_enc) from Tom_encrypt;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/van-maanen.com\/wp-content\/uploads\/2018\/12\/Untitled-9-5-1-1.png\" alt=\"\" class=\"wp-image-2164\"\/><figcaption>Being able to read data.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oracle has a nice facility to store data in an encrypted form. This allows to hide data content from users while still allowing them to see the columns. If one would like to use the encryption facilities, one must be given this grant:\u00a0GRANT EXECUTE\u00a0\u00a0ON dbms_crypto TO username; The code to store data in an encrypted [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2143","post","type-post","status-publish","format-standard","hentry","category-nice-to-know"],"_links":{"self":[{"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=\/wp\/v2\/posts\/2143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2143"}],"version-history":[{"count":0,"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=\/wp\/v2\/posts\/2143\/revisions"}],"wp:attachment":[{"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2143"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/archief.van-maanen.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}