Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


DES3 implementation in oracle and java

Posted on 2004-09-01
Medium Priority
Last Modified: 2007-12-19
If the same sequence of bytes is to used to create a DES3 key in java and in ORacle would they yield the same results.

For instance we are encrypting data in java using des3 and want to load the data into Oracle.  ORacle des3 utilities will be used to decyrpt this data.

I am wondering would this work, would  these yield the same results?
Question by:inzaghi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 23

Expert Comment

ID: 11955264
I think so, I have reasons to believe that Oracle dbms_obfuscation_toolkit is using Java api under the cover.

but isn't it too hard to test , right?
My java skill is failing me, otherwise, I can write a test case for you...

but To test the decryption, calling Oracle dbms_obfuscation_toolkit is real easy.


Accepted Solution

bvanderveen earned 1000 total points
ID: 11955268
See my  comments on your question in the java section.  This should work, because DES3 is a standard algorithm.  Don't assume it isn't working if the encrypted values aren't the same, because they often aren't, even when generated with the same algorithm.  

Due to the way encryption works, the hash generated will differe from time to time, but it will decrypt the same.

If there are differences, you can load the java class (may need mod to have static method) into Oracle db and run as a java stored procedure to have identical procedures.  But, I suspect DES3 is already implemented with java in Oracle anyway.
LVL 48

Expert Comment

ID: 11960919
Do not expect same codding even if you use the same encryption key.
I do not believe that Java is the only used language in Oracle to implement DES3.
Passwords in Oracle are encrypted using this standard and i am sure the
are decoded using C.
DES3 is a standard for encryption, it is not Java tool, class, etc.
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.


Author Comment

ID: 11962072
Does that mean if we encrypt someting using java des3 and before we load it to a oracle database we must decrypt the data first using java des3 and then encrypt using oracle des3.

I am concerned that loading data into a oracle data base that has been encrypted using java des3 will not be able to be decrypted with oracle 9i des3 utilities using the same key that was used for the java des3 encryption?

Expert Comment

ID: 11963133
>.Does that mean if we encrypt someting using java des3 and before we load it to a oracle database we must decrypt the data first using java des3 and then encrypt using >>oracle des3.

>>I am concerned that loading data into a oracle data base that has been encrypted using java des3 will not be able to be decrypted with oracle 9i des3 utilities using the >>same key that was used for the java des3 encryption?

I don't think this will be a problem.  DES3 is a standard algorithm - it should work the same in any implementation.  And, I'll bet Oracle's implementation is already written in java.  So you should be able to decrypt in Oracle using the same key.

What we have been trying to say, is that the encrypted output may not be the same - encryption algorithms have a "randomness" in them to prevent them from being easily cracked.  Encrypting twice in java will probably yield 2 different results, but they will both decrypt back to the same value.  DES3 is not a simple substitution cipher.

More than this, is over my head.  I suggest you try it - encrypt a phrase in java, decrypt with Oracle.  You shouldn't have any problems with this.
LVL 23

Assisted Solution

seazodiac earned 1000 total points
ID: 11963209

you are a java person, right?

why don't you do a test and see for yourself?

I am not a java developer, but come up with a test case is very simple:

like bvanderveen said:

public class TestEncrypt{

public static void main (Strings[] args) {
   call java DES3 method here();

compile this class and

run java TestEncrypt "HelloWorld"

this will encrypt "helloworld" in DES3 format.

now in database,
create a table:

create table test (message varchar2(100));

insert the encrypted string into this table.

then use DBMS_OBFUSCATION_TOOLKIT to decrypt it.

see for yourself...


Author Comment

ID: 12005914
WE have ran a test for this. Encrypted a value in java and try to decrypt in oracle and we do not get the same results.  This is really fustrating.

Any ideas would be really apreciated.

Expert Comment

ID: 12006218
First, the dbms_obfustication_toolkit provides different overloaded methods for encrypting and decrypting, dependingon the type of data being encrypted - raw or string.  Make sure you are using the appropriate method.

At this point, I would open a TAR with Oracle.  Since DES3 is a standard, and you can't get to the source for dbms_obfustication_toolkit (other than the spec), you will need assistance from Oracle as to why this isn't working.

All else failing, I would port one of the two methods to the other system.  You can create a Java Stored Procedure in Oracle from you DES3 source code (you may have to create a static method for it to be callable in Oracle).  Then you will have the same package encrypting and decrypting.


Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction A previously published article on Experts Exchange ("Joins in Oracle", makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
Have you ever had to make fundamental changes to a table in Oracle, but haven't been able to get any downtime?  I'm talking things like: * Dropping columns * Shrinking allocated space * Removing chained blocks and restoring the PCTFREE * Re-or…
This video shows information on the Oracle Data Dictionary, starting with the Oracle documentation, explaining the different types of Data Dictionary views available by group and permissions as well as giving examples on how to retrieve data from th…
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question