DECRYPT v11
The DECRYPT
function or procedure decrypts data using a user-specified cipher algorithm, key and optional initialization vector. The signature of the DECRYPT
function is:
The signature of the DECRYPT
procedure is:
or
When invoked as a procedure, DECRYPT
returns BLOB
or CLOB
data to a user-specified BLOB
.
Parameters
dst
dst
specifies the name of a BLOB
to which the output of the DECRYPT
procedure will be written. The DECRYPT
procedure will overwrite any existing data currently in dst
.
src
src
specifies the source data that will be decrypted. If you are invoking DECRYPT
as a function, specify RAW
data; if invoking DECRYPT
as a procedure, specify BLOB
or CLOB
data.
typ
typ
specifies the block cipher type and any modifiers. This should match the type specified when the src
was encrypted. Advanced Server supports the following block cipher algorithms, modifiers and cipher suites:
Block Cipher Algorithms | |
---|---|
ENCRYPT_DES | CONSTANT INTEGER := 1; |
ENCRYPT_3DES | CONSTANT INTEGER := 3; |
ENCRYPT_AES | CONSTANT INTEGER := 4; |
ENCRYPT_AES128 | CONSTANT INTEGER := 6; |
Block Cipher Modifiers | |
CHAIN_CBC | CONSTANT INTEGER := 256; |
CHAIN_ECB | CONSTANT INTEGER := 768; |
Block Cipher Padding Modifiers | |
PAD_PKCS5 | CONSTANT INTEGER := 4096; |
PAD_NONE | CONSTANT INTEGER := 8192; |
Block Cipher Suites | |
DES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_DES + CHAIN_CBC + PAD_PKCS5; |
DES3_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_3DES + CHAIN_CBC + PAD_PKCS5; |
AES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_AES + CHAIN_CBC + PAD_PKCS5; |
key
key
specifies the user-defined decryption key. This should match the key specified when the src
was encrypted.
iv
iv
(optional) specifies an initialization vector. If an initialization vector was specified when the src
was encrypted, you must specify an initialization vector when decrypting the src
. The default is NULL
.
Examples
The following example uses the DBMS_CRYPTO.DECRYPT
function to decrypt an encrypted password retrieved from the passwords
table:
Note that when calling DECRYPT
, you must pass the same cipher type, key value and initialization vector that was used when ENCRYPTING
the target.