.net 用于PKCS7的Oracle dbms_加密
我的要求是使用dbms_crypto工具对从DOTNET end加密的表中加密的列进行解密。 看起来PKCS7方法在dotnet中使用,在Oracle端我找不到相应的填充;PKCS5可用 如果可以从plsql端获得所需的值,有人可以帮助我吗: Dot Net加密代码如下所示:.net 用于PKCS7的Oracle dbms_加密,.net,oracle,plsql,oracle11g,dbms-crypto,.net,Oracle,Plsql,Oracle11g,Dbms Crypto,我的要求是使用dbms_crypto工具对从DOTNET end加密的表中加密的列进行解密。 看起来PKCS7方法在dotnet中使用,在Oracle端我找不到相应的填充;PKCS5可用 如果可以从plsql端获得所需的值,有人可以帮助我吗: Dot Net加密代码如下所示: private static void Encrypt() { byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes("ID:5031743749436704");
private static void Encrypt()
{
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes("ID:5031743749436704");
byte[] keyArray = new byte[16] {
34,
170,
219,
38,
68,
125,
135,
181,
80,
177,
85,
164,
215,
100,
250,
208 };
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.CBC;
//padding mode(if any extra byte added)
tdes.IV = new byte[8];
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateEncryptor();
//transform the specified region of bytes array to resultArray
byte[] resultArray =
cTransform.TransformFinalBlock(toEncryptArray, 0,
toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
string enCryptedString = Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
private static void Decrypt()
{
byte[] toEncryptArray = Convert.FromBase64String("T71mQdBbEwnk5kZKAc+16kgsrln4EkCJ");
byte[] keyArray = new byte[16] {
34,
170,
219,
38,
68,
125,
135,
181,
80,
177,
85,
164,
215,
100,
250,
208 };
//string s = Convert.ToBase64String(keyArray);
//string s1 = UTF8Encoding.UTF8.GetString(keyArray);
//string s3 = UTF32Encoding.UTF32.GetString(keyArray);
//string s4 = UTF7Encoding.UTF7.GetString(keyArray);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.CBC;
//padding mode(if any extra byte added)
//tdes.Padding = PaddingMode.PKCS7;
tdes.IV = new byte[8];
ICryptoTransform cTransform = tdes.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(
toEncryptArray, 0, toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//return the Clear decrypted TEXT
string decryptedString = UTF8Encoding.UTF8.GetString(resultArray);
string s2 = Convert.ToBase64String(resultArray); // Base 64 string of raw cc token
var str = System.Text.Encoding.Default.GetString(new byte[8]);
}
--encrypt
SET SERVEROUTPUT ON;
DECLARE
l_encrypted RAW(128);
BEGIN
l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'),
typ => dbms_crypto.des3_cbc_pkcs5,
key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
END;
/
/*
actual result: VOsHqOuCJUSVYMta4Bz2tSe/aMDN+Ol9
expected result: oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t
*/
--decrypt
SET SERVEROUTPUT ON;
DECLARE
l_decrypted RAW(128);
BEGIN
l_decrypted := dbms_crypto.decrypt(src => utl_encode.base64_decode(utl_raw.cast_to_RAW('oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t')),
typ => DBMS_CRYPTO.des3_cbc_pkcs5,
key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/
/*
actual result:
Error report -
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 4
28817. 00000 - "PL/SQL function returned an error."
*Cause: A PL/SQL function returned an error unexpectedly.
*Action: This is an internal error. Enable tracing to find more
information. Contact Oracle customer support if needed.
*Document: NO
expected result: ID:5031743749436704
*/
Oracle试用版如下所示:
private static void Encrypt()
{
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes("ID:5031743749436704");
byte[] keyArray = new byte[16] {
34,
170,
219,
38,
68,
125,
135,
181,
80,
177,
85,
164,
215,
100,
250,
208 };
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.CBC;
//padding mode(if any extra byte added)
tdes.IV = new byte[8];
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateEncryptor();
//transform the specified region of bytes array to resultArray
byte[] resultArray =
cTransform.TransformFinalBlock(toEncryptArray, 0,
toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
string enCryptedString = Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
private static void Decrypt()
{
byte[] toEncryptArray = Convert.FromBase64String("T71mQdBbEwnk5kZKAc+16kgsrln4EkCJ");
byte[] keyArray = new byte[16] {
34,
170,
219,
38,
68,
125,
135,
181,
80,
177,
85,
164,
215,
100,
250,
208 };
//string s = Convert.ToBase64String(keyArray);
//string s1 = UTF8Encoding.UTF8.GetString(keyArray);
//string s3 = UTF32Encoding.UTF32.GetString(keyArray);
//string s4 = UTF7Encoding.UTF7.GetString(keyArray);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.CBC;
//padding mode(if any extra byte added)
//tdes.Padding = PaddingMode.PKCS7;
tdes.IV = new byte[8];
ICryptoTransform cTransform = tdes.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(
toEncryptArray, 0, toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//return the Clear decrypted TEXT
string decryptedString = UTF8Encoding.UTF8.GetString(resultArray);
string s2 = Convert.ToBase64String(resultArray); // Base 64 string of raw cc token
var str = System.Text.Encoding.Default.GetString(new byte[8]);
}
--encrypt
SET SERVEROUTPUT ON;
DECLARE
l_encrypted RAW(128);
BEGIN
l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'),
typ => dbms_crypto.des3_cbc_pkcs5,
key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
END;
/
/*
actual result: VOsHqOuCJUSVYMta4Bz2tSe/aMDN+Ol9
expected result: oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t
*/
--decrypt
SET SERVEROUTPUT ON;
DECLARE
l_decrypted RAW(128);
BEGIN
l_decrypted := dbms_crypto.decrypt(src => utl_encode.base64_decode(utl_raw.cast_to_RAW('oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t')),
typ => DBMS_CRYPTO.des3_cbc_pkcs5,
key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/
/*
actual result:
Error report -
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 4
28817. 00000 - "PL/SQL function returned an error."
*Cause: A PL/SQL function returned an error unexpectedly.
*Action: This is an internal error. Enable tracing to find more
information. Contact Oracle customer support if needed.
*Document: NO
expected result: ID:5031743749436704
*/
Oracle的DBMS_加密包不支持PKCS7
是您的一个选项。Oracle的DBMS\u加密软件包不支持PKCS7
是您的一个选项。正如Mark所说,
dbms\u crypto当前不支持PKCS7
要回答PKCS5代码为何失败并出现错误“一个PL/SQL函数意外返回了一个错误”(无可否认是没有帮助的),您案例中的问题是,您为转换src
和key
参数的值而调用的函数不太正确。您不需要调用utl\u encode.base64\u decode
来转换原始键值。此外,传递给src
的值应该与从原始加密原始数据转换为字符串的方式相反,即,为了显示加密值,您调用utl\u encode.base64\u encode
,然后调用utl\u i18n.raw\u to\u char
。要将结果字符串转换回原始值,您需要执行完全相反的操作,即调用utl\u i18n.string\u To\u raw
,然后调用utl\u encode.base64\u decode
以下是一个工作示例:
SET SERVEROUTPUT ON;
DECLARE
l_encrypted RAW(128);
l_decrypted RAW(128);
l_key RAW(128);
BEGIN
l_key := utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==');
l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'),
typ => dbms_crypto.des3_cbc_pkcs5,
key => l_key
);
dbms_output.put_line(
UTL_I18N.RAW_TO_CHAR(
utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
l_encrypted := utl_encode.base64_decode(
utl_i18n.string_to_raw('tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday','AL32UTF8'));
dbms_output.put_line(
UTL_I18N.RAW_TO_CHAR(
utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
l_decrypted := dbms_crypto.decrypt(src => l_encrypted,
typ => DBMS_CRYPTO.des3_cbc_pkcs5,
key => l_key
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
ID:5031743749436704
正如Mark所说,dbms\u crypto
目前不支持PKCS7
要回答PKCS5代码为何失败并出现错误“一个PL/SQL函数意外返回了一个错误”(无可否认是没有帮助的),您案例中的问题是,您为转换src
和key
参数的值而调用的函数不太正确。您不需要调用utl\u encode.base64\u decode
来转换原始键值。此外,传递给src
的值应该与从原始加密原始数据转换为字符串的方式相反,即,为了显示加密值,您调用utl\u encode.base64\u encode
,然后调用utl\u i18n.raw\u to\u char
。要将结果字符串转换回原始值,您需要执行完全相反的操作,即调用utl\u i18n.string\u To\u raw
,然后调用utl\u encode.base64\u decode
以下是一个工作示例:
SET SERVEROUTPUT ON;
DECLARE
l_encrypted RAW(128);
l_decrypted RAW(128);
l_key RAW(128);
BEGIN
l_key := utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==');
l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'),
typ => dbms_crypto.des3_cbc_pkcs5,
key => l_key
);
dbms_output.put_line(
UTL_I18N.RAW_TO_CHAR(
utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
l_encrypted := utl_encode.base64_decode(
utl_i18n.string_to_raw('tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday','AL32UTF8'));
dbms_output.put_line(
UTL_I18N.RAW_TO_CHAR(
utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
l_decrypted := dbms_crypto.decrypt(src => l_encrypted,
typ => DBMS_CRYPTO.des3_cbc_pkcs5,
key => l_key
);
dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
ID:5031743749436704
谢谢,我甚至尝试过使用它,它将对源数据进行填充/修剪;但是如何为“typ”提供参数呢?解密时如何解决错误?这篇文章没有给出太多的细节。@ajmalmhd04,typ
参数只是告诉dbms\u crypto
应该使用什么类型的加密。由于建议的选项不涉及使用dbms\u crypto
,并且只支持一种类型的加密(PKCS7),因此没有理由或需要指定类型。感谢Mark和@Jeffrey的解释。谢谢,我甚至尝试过使用它,这将对源数据进行填充/修剪;但是如何为“typ”提供参数呢?解密时如何解决错误?这篇文章没有给出太多的细节。@ajmalmhd04,typ
参数只是告诉dbms\u crypto
应该使用什么类型的加密。由于建议的选项不涉及使用dbms\u crypto
,并且只支持一种加密类型(PKCS7),因此没有理由或需要指定类型。感谢Mark和@Jeffrey的解释。感谢Jeffrey的帮助,但不幸的是,该解决方案对我的要求没有帮助。因此,我们计划从客户端本身着手开展这项活动。当然不会——很明显,您需要PKCS7的解决方案。我只是回答你的问题。谢谢Jeffrey的帮助,但不幸的是,这个解决方案对我的要求没有帮助。因此,我们计划从客户端本身着手开展这项活动。当然不会——很明显,您需要PKCS7的解决方案。我只是回答你的问题。