oracle-databaseoracle11goracle19cdbms-crypto

What is the DBMS_Crypto.encrypt() equivalent of DBMS_Obfuscation_Toolkit.DES3Encrypt()?

I am editing some Oracle code that includes DBMS_Obfuscation_Toolkit references. I read that the DBMS_Obfuscation_Toolkit package is de-supported as of Oracle 10.2, and that I should upgrade my code to instead be use DMBS_Crypto.

I have this code...

dbms_obfuscation_toolkit.DES3Encrypt(
    input => UTL_I18N.STRING_TO_RAW(v_input,  'AL32UTF8'),
    key => UTL_I18N.STRING_TO_RAW(v_key,  'AL32UTF8'),
    encrypted_data => v_temp_raw
);
--039053190040155118183231113102022222017082162099111241054160152245207112101203096142122226097245
v_temp := UTL_RAW.CAST_TO_VARCHAR2(v_temp_raw);

...which expects length v_input to be evenly-divisible by 8, and yields a 96 character result ("039053...").

The DBMS_Obfuscation_Toolkit documentation says that "Oracle's implementation of 3DES" defaults to the 2-key implementation, "in outer cipher-block-chaining (CBC) mode". But when I attempt to write a DBMS_Crypto.encrypt() equivalent...

    --050127133161074179059208056044163133102098061207107114089045105193049199029095204025170130139068
    v_temp := UTL_RAW.CAST_TO_VARCHAR2(
            DBMS_Crypto.encrypt(
                src => UTL_I18N.STRING_TO_RAW(v_input,  'AL32UTF8'), -- Cleartext
                typ => DBMS_Crypto.ENCRYPT_3DES_2key + DBMS_Crypto.CHAIN_CBC + DBMS_Crypto.PAD_NONE,
                key => UTL_I18N.STRING_TO_RAW(v_key,  'AL32UTF8') -- Key
            )
        );

...I get back a different 96 character result ("050127...").

For the purposes of above, v_input ('Trees sway into 25MPH winds! ') and v_key ('STACKOVERFLOW123456PSRV235KGNKNVEFHEF3404757543MNVOVCNALADNC6579') are the same.

To get the same result with DBMS_Crypto.encrypt(), what parameters should I be passing? What is the DBMS_Crypto.encrypt() equivalent of DBMS_Obfuscation_Toolkit.DES3Encrypt()?

Solution

  • You need to supply a matching initialization vector (IV). If there was no original IV, then use DBMS_CRYPTO.LEGACY_DEFAULT_IV = 0123456789ABCDEF:

    declare
  v_input    char(32) := 
    'Trees sway into 25MPH winds! ';
  v_temp_raw raw(32);
  v_key      varchar2(64) := 
    'STACKOVERFLOW123456PSRV235KGNKNVEFHEF3404757543MNVOVCNALADNC6579';
begin
  sys.dbms_obfuscation_toolkit.DES3Encrypt(
    input => UTL_I18N.STRING_TO_RAW ( v_input, 'AL32UTF8' ),
    key => UTL_I18N.STRING_TO_RAW ( v_key, 'AL32UTF8' ),
    encrypted_data => v_temp_raw
  );
  dbms_output.put_line ( v_temp_raw );
  
  v_temp_raw :=  sys.DBMS_Crypto.encrypt (
    src => UTL_I18N.STRING_TO_RAW ( v_input ,  'AL32UTF8' ), 
    typ => DBMS_Crypto.ENCRYPT_3DES_2key + DBMS_Crypto.CHAIN_CBC + DBMS_Crypto.PAD_NONE,
    key => UTL_I18N.STRING_TO_RAW ( v_key ,  'AL32UTF8' ),
    iv  => hextoraw ( '0123456789ABCDEF' )
  );
  dbms_output.put_line ( v_temp_raw );
end;
/

2735BE289B76B7E7716616DE1152A2636FF136A098F5CF7065CB608E7AE261F5
2735BE289B76B7E7716616DE1152A2636FF136A098F5CF7065CB608E7AE261F5