DES3 implementation in oracle and java

Posted on 2004-09-01
Last Modified: 2007-12-19
If the same sequence of bytes is to used to create a DES3 key in java and in ORacle would they yield the same results.

For instance we are encrypting data in java using des3 and want to load the data into Oracle.  ORacle des3 utilities will be used to decyrpt this data.

I am wondering would this work, would  these yield the same results?
Question by:inzaghi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 23

Expert Comment

ID: 11955264
I think so, I have reasons to believe that Oracle dbms_obfuscation_toolkit is using Java api under the cover.

but isn't it too hard to test , right?
My java skill is failing me, otherwise, I can write a test case for you...

but To test the decryption, calling Oracle dbms_obfuscation_toolkit is real easy.


Accepted Solution

bvanderveen earned 250 total points
ID: 11955268
See my  comments on your question in the java section.  This should work, because DES3 is a standard algorithm.  Don't assume it isn't working if the encrypted values aren't the same, because they often aren't, even when generated with the same algorithm.  

Due to the way encryption works, the hash generated will differe from time to time, but it will decrypt the same.

If there are differences, you can load the java class (may need mod to have static method) into Oracle db and run as a java stored procedure to have identical procedures.  But, I suspect DES3 is already implemented with java in Oracle anyway.
LVL 48

Expert Comment

ID: 11960919
Do not expect same codding even if you use the same encryption key.
I do not believe that Java is the only used language in Oracle to implement DES3.
Passwords in Oracle are encrypted using this standard and i am sure the
are decoded using C.
DES3 is a standard for encryption, it is not Java tool, class, etc.
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.


Author Comment

ID: 11962072
Does that mean if we encrypt someting using java des3 and before we load it to a oracle database we must decrypt the data first using java des3 and then encrypt using oracle des3.

I am concerned that loading data into a oracle data base that has been encrypted using java des3 will not be able to be decrypted with oracle 9i des3 utilities using the same key that was used for the java des3 encryption?

Expert Comment

ID: 11963133
>.Does that mean if we encrypt someting using java des3 and before we load it to a oracle database we must decrypt the data first using java des3 and then encrypt using >>oracle des3.

>>I am concerned that loading data into a oracle data base that has been encrypted using java des3 will not be able to be decrypted with oracle 9i des3 utilities using the >>same key that was used for the java des3 encryption?

I don't think this will be a problem.  DES3 is a standard algorithm - it should work the same in any implementation.  And, I'll bet Oracle's implementation is already written in java.  So you should be able to decrypt in Oracle using the same key.

What we have been trying to say, is that the encrypted output may not be the same - encryption algorithms have a "randomness" in them to prevent them from being easily cracked.  Encrypting twice in java will probably yield 2 different results, but they will both decrypt back to the same value.  DES3 is not a simple substitution cipher.

More than this, is over my head.  I suggest you try it - encrypt a phrase in java, decrypt with Oracle.  You shouldn't have any problems with this.
LVL 23

Assisted Solution

seazodiac earned 250 total points
ID: 11963209

you are a java person, right?

why don't you do a test and see for yourself?

I am not a java developer, but come up with a test case is very simple:

like bvanderveen said:

public class TestEncrypt{

public static void main (Strings[] args) {
   call java DES3 method here();

compile this class and

run java TestEncrypt "HelloWorld"

this will encrypt "helloworld" in DES3 format.

now in database,
create a table:

create table test (message varchar2(100));

insert the encrypted string into this table.

then use DBMS_OBFUSCATION_TOOLKIT to decrypt it.

see for yourself...


Author Comment

ID: 12005914
WE have ran a test for this. Encrypted a value in java and try to decrypt in oracle and we do not get the same results.  This is really fustrating.

Any ideas would be really apreciated.

Expert Comment

ID: 12006218
First, the dbms_obfustication_toolkit provides different overloaded methods for encrypting and decrypting, dependingon the type of data being encrypted - raw or string.  Make sure you are using the appropriate method.

At this point, I would open a TAR with Oracle.  Since DES3 is a standard, and you can't get to the source for dbms_obfustication_toolkit (other than the spec), you will need assistance from Oracle as to why this isn't working.

All else failing, I would port one of the two methods to the other system.  You can create a Java Stored Procedure in Oracle from you DES3 source code (you may have to create a static method for it to be callable in Oracle).  Then you will have the same package encrypting and decrypting.


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post first appeared at Oracleinaction  ( Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines
This video shows how to Export data from an Oracle database using the Original Export Utility.  The corresponding Import utility, which works the same way is referenced, but not demonstrated.
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question