Security Advisory |
Types and subroutines supporting the DBMS_CRYPTO built in encryption package and Wallets and Transparent Data Encryption.
According to the source file header:
--- Old dbms_crypto_TOOLKIT code.
--- The code below was desupported and should not be documented.
--- Final disposition on the removal of this package is pending.
--- December 12, 2002
Apparently someone forgot about this sometime during the preceding 16 years. The script was last altered, according to the header, in 2014 ... 12 years after it was "desupported".
Reference to the package here in the DBSecWorx code library is intended solely as a warning: there is no known legitimate reason for anyone to have access to this security package. |
|
Recommended Security Rules |
NEVER
- Grant execute on this package to any user or role
WITH GREAT CARE
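- Check regularly whether execute on this package has been granted (for example by querying DBA_TAB_PRIVS for EXECUTE on DBMS_CRYPTO_TOOLKIT) and, if so, treat it as highly suspicious: it should raise alarms. The Security Model entry on this page lists EXECUTE as granted to PUBLIC, so include PUBLIC in the check as well as named users and roles.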
CAUTIONS
|
|
How Oracle Works |
N/A |
N/A |
|
DBMS_CRYPTO_TOOLKIT Package Information |
AUTHID |
DEFINER |
Constants |
Name |
Data Type |
Value |
DETACHEDSIGNATURE |
Crypto_Engine_Function |
1 |
SIGNATURE |
Crypto_Engine_Function |
2 |
ENVELOPING |
Crypto_Engine_Function |
3 |
PKENCRYPTION |
Crypto_Engine_Function |
4 |
ENCRYPTION |
Crypto_Engine_Function |
5 |
KEYEDHASH_CHECKSUM |
Crypto_Engine_Function |
6 |
HASH_CHECKSUM |
Crypto_Engine_Function |
7 |
RANDOM |
Crypto_Engine_Function |
8 |
|
CONTINUE_PROCESSING |
Crypto_Engine_State |
1 |
END_PROCESSING |
Crypto_Engine_State |
2 |
RESET_PROCESSING |
Crypto_Engine_State |
3 |
|
X509V1 |
Identity_Type |
1 |
SYMMETRIC |
Identity_Type |
2 |
|
RSA |
Cipher |
1 |
DES |
Cipher |
2 |
RC4 |
Cipher |
3 |
MD5DES |
Cipher |
4 |
MD5RC2 |
Cipher |
5 |
MD5 |
Cipher |
6 |
SHA |
Cipher |
7 |
|
PKCS7 |
Data_Unit_Format |
1 |
RSAPAD |
Data_Unit_Format |
2 |
ORACLEv1 |
Data_Unit_Format |
3 |
|
Data Types |
SUBTYPE Crypto_Engine_Function IS dbms_crypto_toolkit_types.Crypto_Engine_Function;
SUBTYPE Crypto_Engine_State IS dbms_crypto_toolkit_types.Crypto_Engine_State;
SUBTYPE Identity_Type IS dbms_crypto_toolkit_types.Identity_Type;
SUBTYPE Cipher IS dbms_crypto_toolkit_types.Cipher;
SUBTYPE Data_Unit_Format IS dbms_crypto_toolkit_types.Data_Unit_Format;
-- Aliases to reduce typing.
SUBTYPE Wallet IS dbms_crypto_toolkit_types.Wallet;
SUBTYPE Persona IS dbms_crypto_toolkit_types.Persona;
SUBTYPE Identity IS dbms_crypto_toolkit_types.Identity;
SUBTYPE Identity_Array IS dbms_crypto_toolkit_types.Identity_Array;
SUBTYPE Alias_String IS dbms_crypto_toolkit_types.Alias_String;
SUBTYPE Comment_String IS dbms_crypto_toolkit_types.Comment_String;
SUBTYPE Identity_Description IS dbms_crypto_toolkit_types.Identity_Description;
SUBTYPE Identity_Description_List IS dbms_crypto_toolkit_types.Identity_Description_List;
SUBTYPE Persona_Description IS dbms_crypto_toolkit_types.Persona_Description;
SUBTYPE Persona_List IS dbms_crypto_toolkit_types.Persona_List;
SUBTYPE Private_Persona_Information IS dbms_crypto_toolkit_types.Private_Persona_Information; |
Dependencies |
DBMS_CRYPTO_TOOLKIT_FFI |
DBMS_CRYPTO_TOOLKIT_TYPES |
UTL_RAW |
|
Documented in Types & Packages |
No |
Exceptions |
Error Code |
Reason |
ORA-28836 |
package_wallet_is_not_open |
ORA-28840 |
package_wallet_is_open |
|
First Available |
10.1.0.3 |
Security Model |
Owned by SYS with EXECUTE granted to PUBLIC |
Source |
{ORACLE_HOME}/rdbms/admin/dbmsoctk.sql |
Subprograms |
|
|
ABORTIDENTITY |
Aborts an identity |
dbms_crypto_toolkit.abortIdentity(identity IN OUT Identity); |
TBD |
|
CLOSEPERSONA |
Closes a persona within a wallet |
dbms_crypto_toolkit.closePersona(persona IN OUT Persona); |
See Demo Below |
|
CLOSEWALLET |
Closes the identified wallet
Overload 1 |
dbms_crypto_toolkit.closeWallet(wallet IN OUT Wallet); |
TBD |
Closes the wallet kept by the package
Overload 2 |
dbms_crypto_toolkit.closeWallet; |
exec dbms_crypto_toolkit.closeWallet; |
|
CREATEIDENTITY |
Creates an identity |
dbms_crypto_toolkit.createIdentity(
identitytype IN Identity_Type,
public_identity IN VARCHAR2,
alias IN VARCHAR2,
longer_description IN VARCHAR2,
trust_qualifier IN VARCHAR2,
identity OUT Identity); |
TBD |
|
CREATEPERSONA |
Creates a persona |
dbms_crypto_toolkit.createPersona(
cipher_type IN Cipher,
private_information IN Private_Persona_Information,
prl IN VARCHAR2,
alias IN VARCHAR2,
longer_description IN VARCHAR2,
persona OUT Persona); |
TBD |
|
CREATEWALLET |
Creates the identified wallet
Overload 1 |
dbms_crypto_toolkit.createWallet(
password IN VARCHAR2,
wallet IN OUT Wallet,
wallet_resource_locator IN VARCHAR2 DEFAULT NULL); |
TBD |
Used by applications which want to use the wallet kept by the package
Overload 2 |
dbms_crypto_toolkit.createWallet(
password IN VARCHAR2,
wallet_resource_locator IN VARCHAR2 DEFAULT NULL); |
SQL> BEGIN
2 dbms_crypto_toolkit.createWallet('oracle1', wallet_resource_locator=>NULL);
3 END;
4 /
BEGIN
*
ERROR at line 1:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT_FFI", line 74
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 141
ORA-06512: at line 2 |
|
DECRYPT |
Converts the contents of an encrypted message back into its original readable format
Overload 1 |
dbms_crypto_toolkit.decrypt(
persona IN Persona,
input IN RAW,
decrypted_data OUT RAW,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.decrypt(
persona IN Persona,
input IN RAW,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.decrypt(
persona IN Persona,
input_string IN VARCHAR2,
decrypted_string OUT VARCHAR2,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.decrypt(
persona IN Persona,
input_string IN VARCHAR2,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
|
DEENVELOPE |
Remove a message from an envelope
Overload 1 |
dbms_crypto_toolkit.deEnvelope(
persona IN Persona,
enveloped_data IN RAW,
output_data OUT RAW,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
sender_identity OUT Identity,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.deEnvelope(
persona IN Persona,
enveloped_data IN RAW,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
sender_identity OUT Identity,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.deEnvelope(
persona IN Persona,
enveloped_string IN VARCHAR2,
output_string OUT VARCHAR2,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
sender_identity OUT Identity,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.deEnvelope(
persona IN Persona,
enveloped_string IN VARCHAR2,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
sender_identity OUT Identity,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
|
DESTROYWALLET |
Deletes a wallet based on a given wallet resource locator |
dbms_crypto_toolkit.destroyWallet(
password IN VARCHAR2,
wallet_resource_locator IN VARCHAR2 DEFAULT NULL); |
TBD |
|
ENCRYPT |
Disguises the contents of a message, rendering it unreadable
Overload 1 |
dbms_crypto_toolkit.encrypt(
persona IN Persona,
input IN RAW,
encrypted_data OUT RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.encrypt(
persona IN Persona,
input IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.encrypt(
persona IN Persona,
input_string IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
|
ENVELOPE |
Digitally signs a message for authentication and encrypts the message with the recipient's public key
Overload 1 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
recipient IN Identity,
input IN RAW,
enveloped_data OUT RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
recipient IN Identity,
input IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
recipient IN Identity,
input_string IN VARCHAR2,
enveloped_string OUT VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
recipient IN Identity,
input_string IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
Overload 5 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input IN RAW,
enveloped_data OUT RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 6 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 7 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input_string IN VARCHAR2,
enveloped_string OUT VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 8 |
dbms_crypto_toolkit.envelope(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input_string IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
|
HASH |
Generate a hash of the current message
Overload 1 |
dbms_crypto_toolkit.hash(
persona IN Persona,
input IN RAW,
hash OUT RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.hash(
persona IN Persona,
input IN RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.hash(
persona IN Persona,
input_string IN VARCHAR2,
hash OUT RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.hash(
persona IN Persona,
input_string IN VARCHAR2,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
|
INITIALIZE |
Initialize the toolkit package for use |
dbms_crypto_toolkit.initialize; |
exec dbms_crypto_toolkit.initialize; |
|
KEYEDHASH |
Generates a public key checksum
Overload 1 |
dbms_crypto_toolkit.keyedHash(
persona IN Persona,
input IN RAW,
keyed_hash OUT RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.keyedHash(
persona IN Persona,
input IN RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.keyedHash(
persona IN Persona,
input_string IN VARCHAR2,
keyed_hash OUT RAW,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.keyedHash(
persona IN Persona,
input_string IN VARCHAR2,
hash_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
|
OPENPERSONA |
Opens a persona in the open wallet |
dbms_crypto_toolkit.openPersona(persona IN OUT Persona); |
See Demo Below |
|
OPENWALLET |
Opens the identified wallet
Overload 1 |
dbms_crypto_toolkit.openWallet(
password IN VARCHAR2,
wallet IN OUT Wallet,
persona_list OUT Persona_List,
wallet_resource_locator IN VARCHAR2 DEFAULT NULL); |
See Demo Below |
Opens the wallet kept by the package
Overload 2 |
dbms_crypto_toolkit.openWallet(
password IN VARCHAR2,
persona_list OUT Persona_List,
wallet_resource_locator IN VARCHAR2 DEFAULT NULL); |
TBD |
|
PKDECRYPT |
Decrypt for one recipient
Overload 1 |
dbms_crypto_toolkit.PKDecrypt(
persona IN Persona,
input IN RAW,
decrypted_data OUT RAW,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.PKDecrypt(
persona IN Persona,
input IN RAW,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.PKDecrypt(
persona IN Persona,
input_string IN VARCHAR2,
decrypted_string OUT VARCHAR2,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.PKDecrypt(
persona IN Persona,
input_string IN VARCHAR2,
decryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
|
PKENCRYPT |
Encrypt for one recipient
Overload 1 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
recipient IN Identity,
input IN RAW,
encrypted_data OUT RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 2 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
recipient IN Identity,
input IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
recipient IN Identity,
input_string IN VARCHAR2,
encrypted_string OUT VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
recipient IN Identity,
input_string IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
Overload 5 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input IN RAW,
encrypted_data OUT RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 6 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input IN RAW,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 7 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input_string IN VARCHAR2,
encrypted_string OUT VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 8 |
dbms_crypto_toolkit.PKEncrypt(
persona IN Persona,
number_of_recipients IN POSITIVE,
recipient_list IN Identity_Array,
input_string IN VARCHAR2,
encryption_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
|
RANDOMBYTES |
Generates random bytes
Overload 1 |
dbms_crypto_toolkit.randomBytes(
persona IN Persona,
number_of_bytes_desired IN POSITIVE,
random_bytes OUT RAW); |
TBD |
Overload 2 |
dbms_crypto_toolkit.randomBytes(
persona IN Persona,
number_of_bytes_desired IN POSITIVE)
RETURN RAW; |
TBD |
|
RANDOMNUMBER |
Generates random numbers
Overload 1 |
dbms_crypto_toolkit.randomNumber(persona IN Persona, random_number OUT BINARY_INTEGER); |
TBD |
Overload 2 |
dbms_crypto_toolkit.randomNumber(persona IN Persona) RETURN BINARY_INTEGER; |
TBD |
|
REMOVEIDENTITY |
Destroys an identity |
dbms_crypto_toolkit.removeIdentity(identity OUT Identity); |
SQL> DECLARE
2 RetVal dbms_crypto_toolkit_types.identity;
3 BEGIN
4 dbms_crypto_toolkit.removeIdentity(RetVal);
5 END;
6 /
DECLARE
*
ERROR at line 1:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT_FFI", line 290
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 253
ORA-06512: at line 4 |
|
REMOVEPERSONA |
Removes a persona from a wallet |
dbms_crypto_toolkit.removePersona(persona IN OUT Persona); |
TBD |
|
SEEDRANDOM |
Generates a random seed value
Overload 1 |
dbms_crypto_toolkit.seedRandom(persona IN Persona, seed IN RAW); |
TBD |
Overload 2 |
dbms_crypto_toolkit.seedRandom(persona IN Persona, seed IN VARCHAR2); |
TBD |
Overload 3 |
dbms_crypto_toolkit.seedRandom(persona IN Persona, seed IN BINARY_INTEGER); |
TBD |
|
SIGN |
Create an attached signature associated with the current persona
Overload 1 |
dbms_crypto_toolkit.sign(
persona IN Persona,
input IN RAW,
signature OUT RAW,
signature_state IN Crypto_Engine_State
DEFAULT END_PROCESSING); |
See Demo Below |
Overload 2 |
dbms_crypto_toolkit.sign(
persona IN Persona,
input IN RAW,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.sign(
persona IN Persona,
input_string IN VARCHAR2,
signature OUT RAW,
signature_state IN Crypto_Engine_State
DEFAULT END_PROCESSING); |
See Demo Below |
Overload 4 |
dbms_crypto_toolkit.sign(
persona IN Persona,
input_string IN VARCHAR2,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
|
SIGNDETACHED |
Creates a detached signature, associated with the current persona, that is generated from a message but kept separate from that message
Overload 1 |
dbms_crypto_toolkit.signDetached(
persona IN Persona,
input IN RAW,
signature OUT RAW,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
See Demo Below |
Overload 2 |
dbms_crypto_toolkit.signDetached(
persona IN Persona,
input IN RAW,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.signDetached(
persona IN Persona,
input_string IN VARCHAR2,
signature OUT RAW,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.signDetached(
persona IN Persona,
input_string IN VARCHAR2,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
|
STOREPERSONA |
Stores the persona, a combination of an identity (public information) and associated private information
Overload 1 |
dbms_crypto_toolkit.storePersona(
persona IN OUT Persona,
wallet IN OUT Wallet); |
TBD |
Used by applications that want to use the wallet kept by the package
Overload 2 |
dbms_crypto_toolkit.storePersona(persona IN OUT Persona); |
SQL> DECLARE
2 RetVal dbms_crypto_toolkit_types.persona;
3 BEGIN
4 dbms_crypto_toolkit.storePersona(RetVal);
5 END;
6 /
DECLARE
*
ERROR at line 1:
ORA-28836: Wallet is not open.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 172
ORA-06512: at line 4
-- follow the link at page bottom for "Wallet" to create a wallet and open it
SQL> DECLARE
2 RetVal dbms_crypto_toolkit_types.persona;
3 BEGIN
4 dbms_crypto_toolkit.storePersona(RetVal);
5 END;
6 /
DECLARE
*
ERROR at line 1:
ORA-28836: Wallet is not open.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 172
ORA-06512: at line 4
SQL> SELECT status
2 FROM v$encryption_wallet;
STATUS
-------
OPEN |
|
STOREPERSONA |
Stores the persona, a combination of an identity (public information) and associated private information
Overload 1 |
dbms_crypto_toolkit.storePersona(
persona IN OUT Persona,
wallet IN OUT Wallet); |
TBD |
Used by applications that want to use the wallet kept by the package
Overload 2 |
dbms_crypto_toolkit.storePersona(persona IN OUT Persona); |
SQL> DECLARE
2 RetVal dbms_crypto_toolkit_types.persona;
3 BEGIN
4 dbms_crypto_toolkit.storePersona(RetVal);
5 END;
6 /
DECLARE
*
ERROR at line 1:
ORA-28836: Wallet is not open.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 172
ORA-06512: at line 4
-- follow the link at page bottom for "Wallet" to create a wallet and open it
SQL> DECLARE
2 RetVal dbms_crypto_toolkit_types.persona;
3 BEGIN
4 dbms_crypto_toolkit.storePersona(RetVal);
5 END;
6 /
DECLARE
*
ERROR at line 1:
ORA-28836: Wallet is not open.
ORA-06512: at "SYS.DBMS_CRYPTO_TOOLKIT", line 172
ORA-06512: at line 4
SQL> SELECT status
2 FROM v$encryption_wallet;
STATUS
-------
OPEN |
|
STORETRUSTEDIDENTITY |
Stores an identity as a trustpoint within a wallet |
dbms_crypto_toolkit.storeTrustedIdentity(
identity IN OUT Identity,
persona IN Persona); |
TBD |
|
TERMINATE |
Stop Cryptographic Toolkit operation |
dbms_crypto_toolkit.terminate; |
exec dbms_crypto_toolkit.terminate; |
|
VALIDATE |
Uses the trusted identities associated with a persona to validate an identity |
dbms_crypto_toolkit.validate(
persona IN Persona,
identity IN Identity)
RETURN BOOLEAN; |
TBD |
|
VERIFY |
Verify an attached signature
Overload 1 |
dbms_crypto_toolkit.verify(
persona IN Persona,
signature IN RAW,
extracted_message OUT RAW,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
See Demo Below |
Overload 2 |
dbms_crypto_toolkit.verify(
persona IN Persona,
signature IN RAW,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN RAW; |
TBD |
Overload 3 |
dbms_crypto_toolkit.verify(
persona IN Persona,
signature IN RAW,
extracted_message_string OUT VARCHAR2,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
Overload 4 |
dbms_crypto_toolkit.verify(
persona IN Persona,
signature IN RAW,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING)
RETURN VARCHAR2; |
TBD |
|
VERIFYDETACHED |
Verify a detached signature
Overload 1 |
dbms_crypto_toolkit.verifyDetached(
persona IN Persona,
data IN RAW,
signature IN RAW,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
See Demo Below |
Overload 2 |
dbms_crypto_toolkit.verifyDetached(
persona IN Persona,
data_string IN VARCHAR2,
signature IN RAW,
verified OUT BOOLEAN,
validated OUT BOOLEAN,
signing_party_identity OUT Identity,
signature_state IN Crypto_Engine_State DEFAULT END_PROCESSING); |
TBD |
|
Demo |
This crypto toolkit demo was published by Oracle as:
Oracle Cryptographic Toolkit Programmer's Guide
Release 2.0.4
A54082-02
Sample PL/SQL Code
It has been modified for clarity and to fix a number of syntax errors that prevent the Oracle demo from compiling. |
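conn sys@pdbdev as sysdba
set serveroutput on

-- Walks the toolkit through: initialize -> open wallet -> open persona ->
-- sign/verify (attached, then detached) -> hash, and releases whatever was
-- opened whether the run succeeds or fails.
--
-- NOTE(review): the session connects AS SYSDBA and the wallet password is a
-- literal in the script; supply the password at run time rather than keeping
-- it in a file.
DECLARE
  persona           dbms_crypto_toolkit.persona;
  persona_list      dbms_crypto_toolkit.persona_list;
  recipient         dbms_crypto_toolkit.identity;
  signing_party     dbms_crypto_toolkit.identity;
  wallet            dbms_crypto_toolkit.wallet;

  -- string_input is bound to the RAW parameters "input" and "data" below, so
  -- PL/SQL converts it implicitly; this presumably works only because
  -- '123456' is valid hexadecimal - confirm before substituting other text.
  string_input      VARCHAR2(6) := '123456';
  extracted_string  VARCHAR2(128);
  hash_string       VARCHAR2(2048);
  signature         RAW(2048);
  string_validated  BOOLEAN := FALSE;
  string_verified   BOOLEAN := FALSE;

  -- package state flags: record what has to be released during cleanup
  initialized       BOOLEAN := FALSE;
  wallet_opened     BOOLEAN := FALSE;
  persona_opened    BOOLEAN := FALSE;

  -- Prints ok_message when flag is TRUE; otherwise aborts the run.
  -- FALSE and NULL both count as failure, so an unset OUT value can never be
  -- mistaken for a successful signature check.
  PROCEDURE require_true(
    flag            IN BOOLEAN,
    ok_message      IN VARCHAR2,
    failure_message IN VARCHAR2) IS
  BEGIN
    IF flag THEN
      dbms_output.put_line(ok_message);
    ELSE
      raise_application_error(-20001, failure_message);
    END IF;
  END require_true;

  -- Closes the persona, closes the wallet and stops the toolkit, in that
  -- order. Each flag is cleared before its call so that a step which fails
  -- is not retried when the exception handler runs the cleanup again, and
  -- the remaining steps still execute.
  PROCEDURE release_resources IS
  BEGIN
    IF persona_opened THEN
      persona_opened := FALSE;
      dbms_crypto_toolkit.closePersona(persona);
    END IF;

    IF wallet_opened THEN
      wallet_opened := FALSE;
      dbms_crypto_toolkit.closeWallet(wallet);
    END IF;

    IF initialized THEN
      initialized := FALSE;
      dbms_crypto_toolkit.terminate;
    END IF;
  END release_resources;
BEGIN
  dbms_crypto_toolkit.initialize;
  initialized := TRUE;

  -- open wallet
  dbms_crypto_toolkit.openWallet('oracle1!', wallet, persona_list, 'default:');
  wallet_opened := TRUE;

  -- establish the identity associated with the first persona in the wallet
  dbms_output.put_line('Alias: ' || persona_list(1).alias);
  dbms_output.put_line('Comment: ' || persona_list(1).comment);
  persona.persona := persona_list(1).persona;
  recipient.descriptor := persona_list(1).identity;

  -- open the first persona
  dbms_crypto_toolkit.openPersona(persona);
  persona_opened := TRUE;

  -- create an attached signature associated with the current persona
  dbms_crypto_toolkit.sign(persona   => persona,
                           input     => string_input,
                           signature => signature);

  -- verify the attached signature
  dbms_crypto_toolkit.verify(persona                => persona,
                             signature              => signature,
                             extracted_message      => extracted_string,
                             verified               => string_verified,
                             validated              => string_validated,
                             signing_party_identity => signing_party);

  -- Fail closed: the original left both failure branches empty, so a bad
  -- signature was silently accepted and the demo carried on.
  require_true(string_validated, 'Signature Validated',
               'Attached signature: signing identity was not validated');
  require_true(string_verified, 'Verified',
               'Attached signature: verification failed');

  -- create a detached signature associated with the current persona
  dbms_crypto_toolkit.signDetached(persona   => persona,
                                   input     => string_input,
                                   signature => signature);

  -- verify the detached signature
  dbms_crypto_toolkit.verifyDetached(persona                => persona,
                                     data                   => string_input,
                                     signature              => signature,
                                     verified               => string_verified,
                                     validated              => string_validated,
                                     signing_party_identity => signing_party);

  require_true(string_validated, 'Validated',
               'Detached signature: signing identity was not validated');
  require_true(string_verified, 'Verified',
               'Detached signature: verification failed');

  -- generate a hash of the current message
  dbms_crypto_toolkit.hash(persona => persona,
                           input   => string_input,
                           hash    => hash_string);

  -- The original compared the digest with its own input, which a hash
  -- function does not return; report success when a digest came back.
  IF hash_string IS NOT NULL THEN
    dbms_output.put_line('Hash Succeeded');
  END IF;

  -- normal completion: release resources directly instead of raising a
  -- dummy exception to reach the handler
  release_resources;
EXCEPTION
  WHEN OTHERS THEN
    -- release whatever is still open, then let the caller see the error
    release_resources;
    RAISE;
END;
/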