Encrypting Data
After the key is generated, I have to encrypt my data. I do that with the ENCRYPT program in the DBMS_CRYPTO package. As with its DBMS_OBFUSCATION_TOOLKIT encryption cousin, ENCRYPT is overloaded; it provides both function and procedure variants. But in contrast to DBMS_OBFUSCATION_TOOLKIT, this overloading has a purpose in DBMS_CRYPTO. The function variant accepts only a RAW datatype as an input value, while the procedure variant accepts only CLOB and BLOB as input values.
Let’s look at the simplest case of RAW encryption in the ENCRYPT function . Here is the declaration of the function:
DBMS_CRYPTO.encrypt(
src in raw,
typ in pls_integer,
key in raw,
iv in raw default null)
return raw;You should already be familiar with three of these parameters:
- src
The input value to be encrypted
- key
The encryption key
- iv
The initialization vector.
The second parameter, typ, however, is new and requires a more detailed explanation.
Specifying the encryption type
The DBMS_OBFUSCATION_TOOLKIT and DBMS_CRYPTO packages differ in how they allow you to select the type of encryption. DBMS_OBFUSCATION_TOOLKIT provides specific functions (and corresponding procedures) for each algorithm—for example, DESENCRYPT for DES and DES3ENCRYPT for Triple DES. DBMS_CRYPTO, on the other hand, provides only a single function, and the encryption type is specified via a parameter. Table 4-3 shows the algorithms available in the encryption process and their corresponding constants. You specify the desired ...
Get Oracle PL/SQL for DBAs now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
