Solved

Decrypt PL/SQL DESEncrypted String in Java

Posted on 2008-10-10
1
1,990 Views
Last Modified: 2012-05-05
Hi all,

I am  trying to decrypt a string in Java Code which was encrypted using DBMS_OBFUSCATION_TOOLKIT in Oracle PL/SQL procedure.

Byte Key used in Java code is of format:
SecretKeySpec key = new SecretKeySpec(new byte[] { 1, 2, 3, 4, 5, 6, 7,
                        8, 9, 10 }, "DESede")
IV is as follows in Java;
byte[] initVector = { 8, 7, 6, 5, 4, 3, 2, 1 };

The values decrypted/encrypted are not same. I know I am making some goof up while using byte arrays in Oracle. Could you please either point me to an explanation as to how byte array keys should be used in PL/SQL or what is the best way to go about the encryption/decryption.

Please do let me know if additional info is requiered.

Thanks
CREATE OR REPLACE PROCEDURE testharidecrypt AS
 
BEGIN
 
   DECLARE
 
      l_key_vc    VARCHAR2 (40)  := '123456789a'; //hexadecimal values Key
 
      l_iv_vc     VARCHAR2 (8)   := '87654321'; 
 
      str         VARCHAR (2000) := 'somelogin';//string to be decrypted
 
      crypt_raw   RAW (2000);
 
      crypt_str   VARCHAR (2000);
 
      l           INTEGER        := LENGTH (str);
 
      i           INTEGER;
 
      padblock    RAW (2000);
 
   BEGIN
 
      l_key_vc := HEXTORAW (l_key_vc);
 
      l_iv_vc := HEXTORAW (l_iv_vc);
 
      i := 8 - MOD (l, 8);
 
      DBMS_OUTPUT.put_line ('i: ' || i);
 
      padblock := UTL_RAW.cast_to_raw (str || RPAD (CHR (i), i, CHR (i)));
 
      DBMS_OUTPUT.put_line ('str: ' || str);
 
      DBMS_OUTPUT.put_line ('padblock: ' || padblock);
 
      DBMS_OBFUSCATION_TOOLKIT.des3encrypt
 
                               (input_string          => padblock,
 
                                key_string            => l_key_vc,
 
                                which                 => DBMS_OBFUSCATION_TOOLKIT.twokeymode,
 
                                iv_string             => l_iv_vc,
 
                                encrypted_string      => crypt_raw
 
                               );
 
--     crypt_str := UTL_RAW.cast_to_varchar2 (crypt_str);
 
      DBMS_OUTPUT.put_line ('Encrypted String:' || crypt_raw);
 
--      l := LENGTH (crypt_str);
 
  --    crypt_str := RPAD (crypt_str, l - ASCII (SUBSTR (crypt_str, l)));
 
      DBMS_OUTPUT.put_line ('Encrypted String:' || crypt_raw);
 
   END;
 
END;

Open in new window

0
Comment
Question by:priyaaaank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 48

Accepted Solution

by:
schwertner earned 250 total points
ID: 22687659
Java DES and Oracle DES are different.

it will be better to use Oracle stored procedure called from java to decrypt.

How to call PL/SQL stored procedure from Java

===============================================================
Invoking PL/SQL stored procedure from a Java class
using JDBC thin driver

Works fine on Jdeveloper
===============================================================


Store this Oracle PL/SQL procedure under scott/tiger account.
It has 2 IN parameters and 2 OUT parameters.


CREATE OR REPLACE PROCEDURE fitnes_selector
       (p_p1 IN INTEGER,
        p_p2 IN VARCHAR2,
        p_p3 OUT INTEGER,
        p_p4 OUT VARCHAR2)
IS
BEGIN
   p_p3 := p_p1 + 10;
   p_p4 := p_p2 || '   '  || 'ADDITIONAL STRING';
END;
/


This java class will invoke the procedure above using
Oracle JDBC thin driver.


import java.sql.*;
import oracle.jdbc.pool.OracleDataSource;

class StProcExample {
     public static void main(String[] args)
     throws SQLException {
     int ret_code;
     try {
          System.out.println("Begin of the play  ");
          // Create DataSource and connect to the local database
          OracleDataSource ods = new OracleDataSource();
          ods.setURL("jdbc:oracle:thin:@//oralin3:1521/phr7b");
          ods.setUser("scott");
          ods.setPassword("tiger");
          Connection conn = ods.getConnection();

          // Invoke stored procedure
            int  p1 = 10;
            String p2;
            p2 = "Fitness";
            int  p3;
            String p4;
            CallableStatement pstmt = conn.prepareCall("{call fitnes_selector(?,?,?,?)}");
            pstmt.setInt(1, p1);
            pstmt.setString(2, p2);
            pstmt.registerOutParameter(3, Types.INTEGER);
            pstmt.registerOutParameter(4, Types.VARCHAR);
            System.out.println("Midlle of the play  ");
            pstmt.executeUpdate();

            int o_empno = pstmt.getInt(3);
            String o_ename = pstmt.getString(4);

           System.out.print("The returned values are "
                             +o_empno +" "+ o_ename);
           pstmt.close();
           conn.close();
        }
    catch  (SQLException e)
            { ret_code = e.getErrorCode();
              System.out.println(ret_code + "  " + e.getMessage());
            }
                      }
     }
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
Shell script to create broker configuration file using current broker Configuration, solely for purpose of backup on Linux. Script may need to be modified depending on OS-installation. Please deploy and verify the script in a test environment.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question