Solved

Decrypt PL/SQL DESEncrypted String in Java

Posted on 2008-10-10
1
1,905 Views
Last Modified: 2012-05-05
Hi all,

I am  trying to decrypt a string in Java Code which was encrypted using DBMS_OBFUSCATION_TOOLKIT in Oracle PL/SQL procedure.

Byte Key used in Java code is of format:
SecretKeySpec key = new SecretKeySpec(new byte[] { 1, 2, 3, 4, 5, 6, 7,
                        8, 9, 10 }, "DESede")
IV is as follows in Java;
byte[] initVector = { 8, 7, 6, 5, 4, 3, 2, 1 };

The values decrypted/encrypted are not same. I know I am making some goof up while using byte arrays in Oracle. Could you please either point me to an explanation as to how byte array keys should be used in PL/SQL or what is the best way to go about the encryption/decryption.

Please do let me know if additional info is requiered.

Thanks
CREATE OR REPLACE PROCEDURE testharidecrypt AS
 

BEGIN
 

   DECLARE
 

      l_key_vc    VARCHAR2 (40)  := '123456789a'; //hexadecimal values Key
 

      l_iv_vc     VARCHAR2 (8)   := '87654321'; 
 

      str         VARCHAR (2000) := 'somelogin';//string to be decrypted
 

      crypt_raw   RAW (2000);
 

      crypt_str   VARCHAR (2000);
 

      l           INTEGER        := LENGTH (str);
 

      i           INTEGER;
 

      padblock    RAW (2000);
 

   BEGIN
 

      l_key_vc := HEXTORAW (l_key_vc);
 

      l_iv_vc := HEXTORAW (l_iv_vc);
 

      i := 8 - MOD (l, 8);
 

      DBMS_OUTPUT.put_line ('i: ' || i);
 

      padblock := UTL_RAW.cast_to_raw (str || RPAD (CHR (i), i, CHR (i)));
 

      DBMS_OUTPUT.put_line ('str: ' || str);
 

      DBMS_OUTPUT.put_line ('padblock: ' || padblock);
 

      DBMS_OBFUSCATION_TOOLKIT.des3encrypt
 

                               (input_string          => padblock,
 

                                key_string            => l_key_vc,
 

                                which                 => DBMS_OBFUSCATION_TOOLKIT.twokeymode,
 

                                iv_string             => l_iv_vc,
 

                                encrypted_string      => crypt_raw
 

                               );
 

--     crypt_str := UTL_RAW.cast_to_varchar2 (crypt_str);
 

      DBMS_OUTPUT.put_line ('Encrypted String:' || crypt_raw);
 

--      l := LENGTH (crypt_str);
 

  --    crypt_str := RPAD (crypt_str, l - ASCII (SUBSTR (crypt_str, l)));
 

      DBMS_OUTPUT.put_line ('Encrypted String:' || crypt_raw);
 

   END;
 

END;

Open in new window

0
Comment
Question by:priyaaaank
1 Comment
 
LVL 47

Accepted Solution

by:
schwertner earned 250 total points
ID: 22687659
Java DES and Oracle DES are different.

it will be better to use Oracle stored procedure called from java to decrypt.

How to call PL/SQL stored procedure from Java

===============================================================
Invoking PL/SQL stored procedure from a Java class
using JDBC thin driver

Works fine on Jdeveloper
===============================================================


Store this Oracle PL/SQL procedure under scott/tiger account.
It has 2 IN parameters and 2 OUT parameters.


CREATE OR REPLACE PROCEDURE fitnes_selector
       (p_p1 IN INTEGER,
        p_p2 IN VARCHAR2,
        p_p3 OUT INTEGER,
        p_p4 OUT VARCHAR2)
IS
BEGIN
   p_p3 := p_p1 + 10;
   p_p4 := p_p2 || '   '  || 'ADDITIONAL STRING';
END;
/


This java class will invoke the procedure above using
Oracle JDBC thin driver.


import java.sql.*;
import oracle.jdbc.pool.OracleDataSource;

class StProcExample {
     public static void main(String[] args)
     throws SQLException {
     int ret_code;
     try {
          System.out.println("Begin of the play  ");
          // Create DataSource and connect to the local database
          OracleDataSource ods = new OracleDataSource();
          ods.setURL("jdbc:oracle:thin:@//oralin3:1521/phr7b");
          ods.setUser("scott");
          ods.setPassword("tiger");
          Connection conn = ods.getConnection();

          // Invoke stored procedure
            int  p1 = 10;
            String p2;
            p2 = "Fitness";
            int  p3;
            String p4;
            CallableStatement pstmt = conn.prepareCall("{call fitnes_selector(?,?,?,?)}");
            pstmt.setInt(1, p1);
            pstmt.setString(2, p2);
            pstmt.registerOutParameter(3, Types.INTEGER);
            pstmt.registerOutParameter(4, Types.VARCHAR);
            System.out.println("Midlle of the play  ");
            pstmt.executeUpdate();

            int o_empno = pstmt.getInt(3);
            String o_ename = pstmt.getString(4);

           System.out.print("The returned values are "
                             +o_empno +" "+ o_ename);
           pstmt.close();
           conn.close();
        }
    catch  (SQLException e)
            { ret_code = e.getErrorCode();
              System.out.println(ret_code + "  " + e.getMessage());
            }
                      }
     }
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Introduction A previously published article on Experts Exchange ("Joins in Oracle", http://www.experts-exchange.com/Database/Oracle/A_8249-Joins-in-Oracle.html) makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
The viewer will learn how to implement Singleton Design Pattern in Java.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now