ajmalmhd04

Reputation: 2602

Oracle dbms_crypto for PKCS7

My requirement is to use the dbms_crypto tool to decrypt the encrypted column from a table, which is encrypted from the DOTNET end. It looks like the PKCS7 method is used in dotnet, whereas I am unable to find the corresponding padding on the Oracle side; PKCS5 is available.

Can anyone help me if this is possible from plsql side to get the required values:

Dot Net encryption code given below:

// Requires: using System; using System.Security.Cryptography; using System.Text;
private static void Encrypt()
{
    byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes("ID:5031743749436704");
    byte[] keyArray = new byte[16] {
     34,
     170,
     219,
     38,
     68,
     125,
     135,
     181,
     80,
     177,
     85,
     164,
     215,
     100,
     250,
     208 };
    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    //set the secret key for the tripleDES algorithm
    tdes.Key = keyArray;
    //mode of operation: CBC (cipher block chaining)
    tdes.Mode = CipherMode.CBC;
    //all-zero 8-byte initialization vector
    tdes.IV = new byte[8];
    //padding mode (pad bytes added to fill the last block)
    tdes.Padding = PaddingMode.PKCS7;
    ICryptoTransform cTransform = tdes.CreateEncryptor();
    //transform the specified region of bytes array to resultArray
    byte[] resultArray =
      cTransform.TransformFinalBlock(toEncryptArray, 0,
      toEncryptArray.Length);
    //Release resources held by TripleDes Encryptor
    tdes.Clear();
    //Return the encrypted data into unreadable string format
    string enCryptedString = Convert.ToBase64String(resultArray, 0, resultArray.Length);
}

private static void Decrypt()
{
    byte[] toEncryptArray = Convert.FromBase64String("T71mQdBbEwnk5kZKAc+16kgsrln4EkCJ");

    byte[] keyArray = new byte[16] {
     34,
     170,
     219,
     38,
     68,
     125,
     135,
     181,
     80,
     177,
     85,
     164,
     215,
     100,
     250,
     208 };
    //string s = Convert.ToBase64String(keyArray);

    //string s1 = UTF8Encoding.UTF8.GetString(keyArray);

    //string s3 = UTF32Encoding.UTF32.GetString(keyArray);

    //string s4 = UTF7Encoding.UTF7.GetString(keyArray);


    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    //set the secret key for the tripleDES algorithm
    tdes.Key = keyArray;
    //mode of operation: CBC (cipher block chaining)
    tdes.Mode = CipherMode.CBC;
    //padding mode left at the .NET default (PKCS7)
    //tdes.Padding = PaddingMode.PKCS7;

    //all-zero 8-byte initialization vector
    tdes.IV = new byte[8];

    ICryptoTransform cTransform = tdes.CreateDecryptor();

    byte[] resultArray = cTransform.TransformFinalBlock(
                         toEncryptArray, 0, toEncryptArray.Length);
    //Release resources held by TripleDes Encryptor                
    tdes.Clear();



    //return the Clear decrypted TEXT
    string decryptedString = UTF8Encoding.UTF8.GetString(resultArray);

    string s2 = Convert.ToBase64String(resultArray); // Base 64 string of raw cc token


    var str = System.Text.Encoding.Default.GetString(new byte[8]);

}

Oracle try given below:

--encrypt
SET SERVEROUTPUT ON;
DECLARE
     l_encrypted   RAW(128);
BEGIN
     l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'), 
                                        typ => dbms_crypto.des3_cbc_pkcs5, 
                                        key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') ) 
                                        );

     dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
END;
/
/*
actual result:      VOsHqOuCJUSVYMta4Bz2tSe/aMDN+Ol9
expected result:    oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t
*/


--decrypt
SET SERVEROUTPUT ON;
DECLARE
     l_decrypted RAW(128);
BEGIN
      l_decrypted := dbms_crypto.decrypt(src => utl_encode.base64_decode(utl_raw.cast_to_RAW('oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t')),
                                        typ => DBMS_CRYPTO.des3_cbc_pkcs5,
                                        key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
                                        );
      dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/

/*
actual result: 

Error report -
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 4
28817. 00000 -  "PL/SQL function returned an error."
*Cause:    A PL/SQL function returned an error unexpectedly.
*Action:   This is an internal error. Enable tracing to find more
           information. Contact Oracle customer support if needed.
*Document: NO

expected result: ID:5031743749436704
*/

Upvotes: 0

Views: 1584

Answers (2)

Mark J. Bobak

Reputation: 14403

PKCS7 is not supported by Oracle's DBMS_CRYPTO package.

Here is an option for you.

Upvotes: 2

Jeffrey Kemp

Reputation: 60292

As Mark said, PKCS7 is not currently supported by dbms_crypto.

To answer your question about why your PKCS5 code failed with the (admittedly unhelpful) error "A PL/SQL function returned an error unexpectedly.", the problem in your case is that the functions you are calling to convert the values for the src and key parameters are not quite correct. You don't need to call utl_encode.base64_decode to convert the raw key values. Also, the value you pass to src should be the reverse of how you converted from the original encrypted raw into a string - i.e. to display the encrypted value, you called utl_encode.base64_encode followed by utl_i18n.raw_to_char. To convert the resulting string back into a raw, you need to do the exact reverse - i.e. call utl_i18n.string_to_raw followed by utl_encode.base64_decode.

Here is a working example:

SET SERVEROUTPUT ON;
DECLARE
     l_encrypted   RAW(128);
     l_decrypted   RAW(128);
     l_key         RAW(128);
BEGIN
     l_key := utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==');

     l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'), 
                                        typ => dbms_crypto.des3_cbc_pkcs5, 
                                        key => l_key
                                        );

     dbms_output.put_line(
       UTL_I18N.RAW_TO_CHAR(
         utl_encode.base64_encode(l_encrypted),'AL32UTF8'));

     l_encrypted := utl_encode.base64_decode(
       utl_i18n.string_to_raw('tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday','AL32UTF8'));

     dbms_output.put_line(
       UTL_I18N.RAW_TO_CHAR(
         utl_encode.base64_encode(l_encrypted),'AL32UTF8'));

     l_decrypted := dbms_crypto.decrypt(src => l_encrypted,
                                        typ => DBMS_CRYPTO.des3_cbc_pkcs5,
                                        key => l_key
                                        );

     dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/

tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
ID:5031743749436704

LiveSQL

Upvotes: 2
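
The .NET parameters from the question, set up on the Oracle side as an added example (not code from the question or either answer). For an 8-byte block cipher such as 3DES, PKCS5 padding produces the same bytes as PKCS7, so the block keeps pad_pkcs5 and instead matches the key bytes and IV: the base64 key text is decoded to its 16 raw bytes and expanded to the K1||K2||K1 form of two-key 3DES. It assumes the .NET side uses the posted keyArray and all-zero IV; the variable names are illustrative.

```sql
SET SERVEROUTPUT ON;
DECLARE
     -- Decode the base64 text to the 16 raw key bytes (the keyArray values in
     -- the .NET code); cast_to_raw alone would yield the 24 ASCII bytes of the text.
     l_key16     RAW(16) := utl_encode.base64_decode(
                              utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A=='));
     l_key24     RAW(24);
     -- Explicit all-zero IV, matching tdes.IV = new byte[8]
     l_iv        RAW(8) := hextoraw('0000000000000000');
     -- 3DES, CBC, PKCS5 padding, spelled out from the individual constants
     l_typ       PLS_INTEGER := dbms_crypto.encrypt_3des
                              + dbms_crypto.chain_cbc
                              + dbms_crypto.pad_pkcs5;
     -- Same cipher and chaining, but padding left in place on decrypt
     l_typ_nopad PLS_INTEGER := dbms_crypto.encrypt_3des
                              + dbms_crypto.chain_cbc
                              + dbms_crypto.pad_none;
     l_encrypted RAW(128);
     l_padded    RAW(128);
     l_decrypted RAW(128);
BEGIN
     IF utl_raw.length(l_key16) != 16 THEN
          raise_application_error(-20001, 'expected a 16-byte key');
     END IF;
     -- Two-key 3DES: K3 = K1, so append the first 8 key bytes
     l_key24 := utl_raw.concat(l_key16, utl_raw.substr(l_key16, 1, 8));

     l_encrypted := dbms_crypto.encrypt(
          src => utl_i18n.string_to_raw('ID:5031743749436704', 'AL32UTF8'),
          typ => l_typ, key => l_key24, iv => l_iv);
     dbms_output.put_line(
          utl_raw.cast_to_varchar2(utl_encode.base64_encode(l_encrypted)));

     -- Decrypt without unpadding to expose the pad bytes: 19 bytes of plaintext
     -- are filled to 24 with 5 pad bytes, each holding the pad length
     l_padded := dbms_crypto.decrypt(
          src => l_encrypted, typ => l_typ_nopad, key => l_key24, iv => l_iv);
     dbms_output.put_line(rawtohex(utl_raw.substr(l_padded, 20, 5)));

     -- Normal decrypt strips the padding again
     l_decrypted := dbms_crypto.decrypt(
          src => l_encrypted, typ => l_typ, key => l_key24, iv => l_iv);
     dbms_output.put_line(utl_i18n.raw_to_char(l_decrypted, 'AL32UTF8'));
END;
/
```

A base64 ciphertext read from the table is converted with utl_encode.base64_decode(utl_raw.cast_to_raw(...)) before it is passed as src.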
