Solved

I need to encrypt a text string in Oracle, and decrypt it using classic ASP

Posted on 2007-11-27
5
2,352 Views
Last Modified: 2013-12-07
Using Oracle 9i and PL/SQL, I need a way to encrypt a string, and pass the encrypted string to classic ASP within a querystring. Once received by ASP, I'll decrypt it and do what I need to do.
What encryption method should I use? I'm been contemplating RC4, but it seems easily cracked. The good news is RC4 is easily implemented within ASP, and is supported by Oracle 10g. For 9i, it seems I'll have to use a java based stored procedure to implement RC4. Please let me know if you have any better solutions for this as well.
0
Comment
Question by:L00M
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 11

Author Comment

by:L00M
ID: 20359709
0
 
LVL 27

Accepted Solution

by:
sujith80 earned 500 total points
ID: 20363595
Oracle supplies a package called DBMS_OBFUSCATION_TOOLKIT to do DES/DES3 encryptions. See the following link for the details.
http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_obtool.htm#i997215

See an example how to use:

declare
 l_in varchar2(16) := lpad('one',16);
 l_out varchar2(20);
 l_out2 varchar2(20);
 l_key varchar2(8) := 'testtest';
begin
 DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(
   input_string     => l_in ,
   key_string       => l_key ,
   encrypted_string => l_out);

 dbms_output.put_line(l_out);

 DBMS_OBFUSCATION_TOOLKIT.DESDecrypt(
   input_string     => l_out ,
   key_string       => l_key ,
   decrypted_string => l_out2);

 dbms_output.put_line(l_out2);
end;
/
0
 
LVL 11

Author Comment

by:L00M
ID: 20366446
The problem is classic ASP does not support DES or DES3. Currently I'm looking into creating a .NET Interop Com class and expose the encryption routines that way. Of course, every turn is exposing new obstacles. I'll let you know how it goes. But currently it's not looking like there is a ready made solution.
0
 
LVL 27

Expert Comment

by:sujith80
ID: 20372018
As far as I know oracle suports only DES/DES3.
Why dont you move the whole encryption-decryption piece out of oracle and have it as ASP components. I.e. The data gets encrypted and goes in to the database, encrypted data comes out of the database and gets decrypted.
0
 
LVL 11

Author Comment

by:L00M
ID: 20373333
Let me set up the scenario. We have two web sites:
Site A - Runs on Oracle and Unix (PL/SQL)
Site B - Runs on Sybase and Windows (ASP)

Each night a procedure will run to copy the usernames and pin numbers from database A to database B. What we would like to accomplish is to have a user only have to sign in once at site A. Site A will provide links over to Site B. If the user clicks on a Site B link, they will be taken there and not required to log in again.
To accomplish that I wanted to encrypt the username and pin and pass it in the querystring.
However, Site A seems to only support DES, and Site B seems to only support RC4. (Unless I purchase a 3rd party component.)

Does that make sense?
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Use Mid in Html 6 35
SQL to JSON 14 65
nemesis decryptor - torproject.org 7 165
Passing ASP variables in JQuery 4 52
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question