ORACLE 明文到密文的加密方法
DBMS_CRYPTODBMS_CRYPTO provides an interface to encrypt and decrypt stored data, and can be used in conjunction with PL/SQL programs running network communications. It provides support for several industry-standard encryption and hashing algorithms, including the Advanced Encryption Standard (AES) encryption algorithm. AES has been approved by the National Institute of Standards and Technology (NIST) to replace the Data Encryption Standard (DES).See Also:Oracle Database Security Guide for further information about using this package and about encrypting data in general.This chapter contains the following topics:
[*]Using the DBMS_CRYPTO Subprograms
[*]Overview
[*]Security Model
[*]Types
[*]Algorithms
[*]Restrictions
[*]Exceptions
[*]Operational Notes
[*]Summary of DBMS_CRYPTO Subprograms
Using the DBMS_CRYPTO Subprograms
[*]Overview
[*]Security Model
[*]Types
[*]Algorithms
[*]Restrictions
[*]Exceptions
[*]Operational Notes
OverviewDBMS_CRYPTO contains basic cryptographic functions and procedures. To use this package correctly and securely, a general level of security expertise is assumed.The DBMS_CRYPTO package enables encryption and decryption for common Oracle datatypes, including RAW and large objects (LOBs), such as images and sound. Specifically, it supports BLOBs and CLOBs. In addition, it provides Globalization Support for encrypting data across different database character sets.The following cryptographic algorithms are supported:
[*]Data Encryption Standard (DES), Triple DES (3DES, 2-key and 3-key)
[*]Advanced Encryption Standard (AES)
[*]MD5, MD4, and SHA-1 cryptographic hashes
[*]MD5 and SHA-1 Message Authentication Code (MAC)
Block cipher modifiers are also provided with DBMS_CRYPTO. You can choose from several padding options, including PKCS (Public Key Cryptographic Standard) #5, and from four block cipher chaining modes, including Cipher Block Chaining (CBC).Table 39-1 lists the DBMS_CRYPTO package features in comparison to the other PL/SQL encryption package, the DBMS_OBFUSCATION_TOOLKIT.Table 39-1 DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT Feature Comparison
Package FeatureDBMS_CRYPTODBMS_OBFUSCATION_TOOLKIT
Cryptographic algorithmsDES, 3DES, AES, RC4, 3DES_2KEYDES, 3DES
Padding formsPKCS5, zeroesnone supported
Block cipher chaining modesCBC, CFB, ECB, OFBCBC
Cryptographic hash algorithmsMD5, SHA-1, MD4MD5
Keyed hash (MAC) algorithmsHMAC_MD5, HMAC_SH1none supported
Cryptographic pseudo-random number generatorRAW, NUMBER, BINARY_INTEGERRAW, VARCHAR2
Database typesRAW, CLOB, BLOBRAW, VARCHAR2
--抛砖引玉-小例
DECLARE
x1 VARCHAR2(24);
bRAW(64);
x2 VARCHAR2(24);
kRAW(8);
BEGIN
x1:=&x1;
k:=dbms_crypto.RandomBytes(8);
b:=dbms_crypto.Encrypt(utl_raw.cast_to_raw(x1),dbms_crypto.DES_CBC_PKCS5,k);
x2:=utl_raw.cast_to_varchar2(dbms_crypto.Decrypt(b,dbms_crypto.DES_CBC_PKCS5,k));
dbMS_OUTPUT.PUT_LINE('输入值:'||x1||chr(10)||'密钥:'
||k||CHR(10)||'加密后:'||b||CHR(10)||'解密后:'||x2);
END;
页:
[1]