Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Decrypt PL/SQL DESEncrypted String in Java

Posted on 2008-10-10
1
1,976 Views
Last Modified: 2012-05-05
Hi all,

I am  trying to decrypt a string in Java Code which was encrypted using DBMS_OBFUSCATION_TOOLKIT in Oracle PL/SQL procedure.

Byte Key used in Java code is of format:
SecretKeySpec key = new SecretKeySpec(new byte[] { 1, 2, 3, 4, 5, 6, 7,
                        8, 9, 10 }, "DESede")
IV is as follows in Java;
byte[] initVector = { 8, 7, 6, 5, 4, 3, 2, 1 };

The values decrypted/encrypted are not same. I know I am making some goof up while using byte arrays in Oracle. Could you please either point me to an explanation as to how byte array keys should be used in PL/SQL or what is the best way to go about the encryption/decryption.

Please do let me know if additional info is requiered.

Thanks
CREATE OR REPLACE PROCEDURE testharidecrypt AS
 
BEGIN
 
   DECLARE
 
      l_key_vc    VARCHAR2 (40)  := '123456789a'; //hexadecimal values Key
 
      l_iv_vc     VARCHAR2 (8)   := '87654321'; 
 
      str         VARCHAR (2000) := 'somelogin';//string to be decrypted
 
      crypt_raw   RAW (2000);
 
      crypt_str   VARCHAR (2000);
 
      l           INTEGER        := LENGTH (str);
 
      i           INTEGER;
 
      padblock    RAW (2000);
 
   BEGIN
 
      l_key_vc := HEXTORAW (l_key_vc);
 
      l_iv_vc := HEXTORAW (l_iv_vc);
 
      i := 8 - MOD (l, 8);
 
      DBMS_OUTPUT.put_line ('i: ' || i);
 
      padblock := UTL_RAW.cast_to_raw (str || RPAD (CHR (i), i, CHR (i)));
 
      DBMS_OUTPUT.put_line ('str: ' || str);
 
      DBMS_OUTPUT.put_line ('padblock: ' || padblock);
 
      DBMS_OBFUSCATION_TOOLKIT.des3encrypt
 
                               (input_string          => padblock,
 
                                key_string            => l_key_vc,
 
                                which                 => DBMS_OBFUSCATION_TOOLKIT.twokeymode,
 
                                iv_string             => l_iv_vc,
 
                                encrypted_string      => crypt_raw
 
                               );
 
--     crypt_str := UTL_RAW.cast_to_varchar2 (crypt_str);
 
      DBMS_OUTPUT.put_line ('Encrypted String:' || crypt_raw);
 
--      l := LENGTH (crypt_str);
 
  --    crypt_str := RPAD (crypt_str, l - ASCII (SUBSTR (crypt_str, l)));
 
      DBMS_OUTPUT.put_line ('Encrypted String:' || crypt_raw);
 
   END;
 
END;

Open in new window

0
Comment
Question by:priyaaaank
1 Comment
 
LVL 48

Accepted Solution

by:
schwertner earned 250 total points
ID: 22687659
Java DES and Oracle DES are different.

it will be better to use Oracle stored procedure called from java to decrypt.

How to call PL/SQL stored procedure from Java

===============================================================
Invoking PL/SQL stored procedure from a Java class
using JDBC thin driver

Works fine on Jdeveloper
===============================================================


Store this Oracle PL/SQL procedure under scott/tiger account.
It has 2 IN parameters and 2 OUT parameters.


CREATE OR REPLACE PROCEDURE fitnes_selector
       (p_p1 IN INTEGER,
        p_p2 IN VARCHAR2,
        p_p3 OUT INTEGER,
        p_p4 OUT VARCHAR2)
IS
BEGIN
   p_p3 := p_p1 + 10;
   p_p4 := p_p2 || '   '  || 'ADDITIONAL STRING';
END;
/


This java class will invoke the procedure above using
Oracle JDBC thin driver.


import java.sql.*;
import oracle.jdbc.pool.OracleDataSource;

class StProcExample {
     public static void main(String[] args)
     throws SQLException {
     int ret_code;
     try {
          System.out.println("Begin of the play  ");
          // Create DataSource and connect to the local database
          OracleDataSource ods = new OracleDataSource();
          ods.setURL("jdbc:oracle:thin:@//oralin3:1521/phr7b");
          ods.setUser("scott");
          ods.setPassword("tiger");
          Connection conn = ods.getConnection();

          // Invoke stored procedure
            int  p1 = 10;
            String p2;
            p2 = "Fitness";
            int  p3;
            String p4;
            CallableStatement pstmt = conn.prepareCall("{call fitnes_selector(?,?,?,?)}");
            pstmt.setInt(1, p1);
            pstmt.setString(2, p2);
            pstmt.registerOutParameter(3, Types.INTEGER);
            pstmt.registerOutParameter(4, Types.VARCHAR);
            System.out.println("Midlle of the play  ");
            pstmt.executeUpdate();

            int o_empno = pstmt.getInt(3);
            String o_ename = pstmt.getString(4);

           System.out.print("The returned values are "
                             +o_empno +" "+ o_ename);
           pstmt.close();
           conn.close();
        }
    catch  (SQLException e)
            { ret_code = e.getErrorCode();
              System.out.println(ret_code + "  " + e.getMessage());
            }
                      }
     }
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
migration MS SQL database to Oracle 30 68
oracle date format checking 7 26
Setup GlassFish 4 22
learn programming 8 42
How to Create User-Defined Aggregates in Oracle Before we begin creating these things, what are user-defined aggregates?  They are a feature introduced in Oracle 9i that allows a developer to create his or her own functions like "SUM", "AVG", and…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
This video shows how to recover a database from a user managed backup
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question