L00M
asked on
How can I apply RC4 encryption to a string?
Within PL/SQL, I'll be creating some web content and streaming that to the browser. However, I want to implement a single sign on between my PL/SQL application and a 3rd party app. To do so, I'd like to encrypt the userID and key using RC4 encryption, and pass those in the query string. Within the 3rd party app (classic asp), I'll decrypt those variables and automate the login.
How do I use the SYS.dbms_crypto_toolkit to encrypt a string? Or is this even possible?
We are using Oracle 9i.
Code snippets welcome!
How do I use the SYS.dbms_crypto_toolkit to encrypt a string? Or is this even possible?
We are using Oracle 9i.
Code snippets welcome!
the crypto toolkit is only in 10g and up. in 9i you still have the obfuscation toolkit which doesn't have rc4
ASKER
I'm looking at the package in TOAD, in 9i:
SYS.dbms_crypto_toolkit
It's available. I just can't find any sample code.
If it was incomplete or unusable in 9i. What are my alternatives? I found some dead links to a third parth package.... but that's it.
Thanks
SYS.dbms_crypto_toolkit
It's available. I just can't find any sample code.
If it was incomplete or unusable in 9i. What are my alternatives? I found some dead links to a third parth package.... but that's it.
Thanks
hmmm, I couldn't find any reference to it in the 9i pl/sql reference.
go to the 10g docs and you can find information about the package.
Never used it in 9i though.
go to the 10g docs and you can find information about the package.
Never used it in 9i though.
ASKER
@sdstuber:
I've found evidence that the crypto package has been available since 8.1.6, but I think it was broken after initial release:
New features in Oracle 8i (8.1.6)
PL/SQL Server Pages (PSP's)
Oracle DBA Studio Introduced
New SQL analytic Functions (rank, moving average)
Alter table xxx storage (freelists) command supported
Java XML parser
PL/SQL dbms_crypto_toolkit encryption package
Perhaps it is still broken in 9i.
@schwertner, looking at that link you sent, I see the following in code:
DBMS_OBFUSCATION_TOOLKIT.d esencrypt
At first glance, it seems that's using DES encryption. Due to constraints of the project, I have to use RC4.
I've found evidence that the crypto package has been available since 8.1.6, but I think it was broken after initial release:
New features in Oracle 8i (8.1.6)
PL/SQL Server Pages (PSP's)
Oracle DBA Studio Introduced
New SQL analytic Functions (rank, moving average)
Alter table xxx storage (freelists) command supported
Java XML parser
PL/SQL dbms_crypto_toolkit encryption package
Perhaps it is still broken in 9i.
@schwertner, looking at that link you sent, I see the following in code:
DBMS_OBFUSCATION_TOOLKIT.d
At first glance, it seems that's using DES encryption. Due to constraints of the project, I have to use RC4.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We are in the process of upgrading to 10g, but that's out of my hands. Our DBA is in charge of that. I'm just a code jockey. ;)
I'm not terribly familiar with Oracle... just getting started. Can you show me an example of a java stored procedure? Or how to implement that?
I'm not terribly familiar with Oracle... just getting started. Can you show me an example of a java stored procedure? Or how to implement that?
ASKER
I've opened a new question concerning this matter here:
https://www.experts-exchange.com/questions/22985396/I-need-to-encrypt-a-text-string-in-Oracle-and-decrypt-it-using-classic-ASP.html
Thanks for your help here!
https://www.experts-exchange.com/questions/22985396/I-need-to-encrypt-a-text-string-in-Oracle-and-decrypt-it-using-classic-ASP.html
Thanks for your help here!
basically to use java in oracle you take your java class as you would write it anywhere else and stick "CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED xxxxx AS" in front of it.
xxxxx equals the class you're exposing
then you declare a pl/sql procedure or function to wrap around the java code. This is referred to as "publishing" the java
Here's a simple example....
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED "SimpleMath" AS
public class SimpleMath {
public static int add(int a, int b) {
return a+b;
}
}
/
CREATE OR REPLACE FUNCTION addition(a NUMBER, b NUMBER)
RETURN NUMBER
AS
LANGUAGE JAVA
NAME 'SimpleMath.add(int, int) return int';
/
select addition(5,7) from dual;
xxxxx equals the class you're exposing
then you declare a pl/sql procedure or function to wrap around the java code. This is referred to as "publishing" the java
Here's a simple example....
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED "SimpleMath" AS
public class SimpleMath {
public static int add(int a, int b) {
return a+b;
}
}
/
CREATE OR REPLACE FUNCTION addition(a NUMBER, b NUMBER)
RETURN NUMBER
AS
LANGUAGE JAVA
NAME 'SimpleMath.add(int, int) return int';
/
select addition(5,7) from dual;
ASKER
That's a great start!
Thanks!
Thanks!
ASKER
I've been searching, but can't find any examples of using java to create the RC4 SPROC.
Nor do I have the JCE installed. Any chance you could provide the code for that? I'll gladly open another question for you.
Nor do I have the JCE installed. Any chance you could provide the code for that? I'll gladly open another question for you.
Without the jce I don't know, actually, even with the jce, I really don't know. Sorry, you've exhausted my expertise. Maybe there is some other code in java or some other language that implements the rc4 algorithm and you could copy it. I saw your new question, and if I knew more I'd help there, but I don't know. sorry
ASKER
No worries!
Thanks for getting me on the right track.
Thanks for getting me on the right track.