ENCRYPT v12
The ENCRYPT function or procedure uses a user-specified algorithm, key, and optional initialization vector to encrypt RAW, BLOB or CLOB data. The signature of the ENCRYPT function is:
ENCRYPT (<src> IN RAW, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL) RETURN RAW
The signature of the ENCRYPT procedure is:
ENCRYPT (<dst> INOUT BLOB, <src> IN BLOB, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL)
or
ENCRYPT (<dst> INOUT BLOB, <src> IN CLOB, <typ> IN INTEGER, <key> IN RAW, <iv> IN RAW DEFAULT NULL)
When invoked as a procedure, ENCRYPT returns BLOB or CLOB data to a user-specified BLOB.
Parameters
dst
dst specifies the name of a BLOB to which the output of the ENCRYPT procedure will be written. The ENCRYPT procedure will overwrite any existing data currently in dst.
src
src specifies the source data that will be encrypted. If you are invoking ENCRYPT as a function, specify RAW data; if invoking ENCRYPT as a procedure, specify BLOB or CLOB data.
typ
typ specifies the block cipher type that will be used by ENCRYPT, and any modifiers. Advanced Server supports the block cipher algorithms, modifiers and cipher suites listed below:
| Block Cipher Algorithms | |
|---|---|
ENCRYPT_DES | CONSTANT INTEGER := 1; |
ENCRYPT_3DES | CONSTANT INTEGER := 3; |
ENCRYPT_AES | CONSTANT INTEGER := 4; |
ENCRYPT_AES128 | CONSTANT INTEGER := 6; |
| Block Cipher Modifiers | |
CHAIN_CBC | CONSTANT INTEGER := 256; |
CHAIN_ECB | CONSTANT INTEGER := 768; |
| Block Cipher Padding Modifiers | |
PAD_PKCS5 | CONSTANT INTEGER := 4096; |
PAD_NONE | CONSTANT INTEGER := 8192; |
| Block Cipher Suites | |
DES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_DES + CHAIN_CBC + PAD_PKCS5; |
DES3_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_3DES + CHAIN_CBC + PAD_PKCS5; |
AES_CBC_PKCS5 | CONSTANT INTEGER := ENCRYPT_AES + CHAIN_CBC + PAD_PKCS5; |
key
key specifies the encryption key.
iv
iv (optional) specifies an initialization vector. By default, iv is NULL.
Examples
The following example uses the DBMS_CRYPTO.DES_CBC_PKCS5 Block Cipher Suite (a pre-defined set of algorithms and modifiers) to encrypt a value retrieved from the passwords table:
CREATE TABLE passwords ( principal VARCHAR2(90) PRIMARY KEY, -- username ciphertext RAW(9) -- encrypted password ); CREATE PROCEDURE set_password(username VARCHAR2, cleartext RAW) AS typ INTEGER := DBMS_CRYPTO.DES_CBC_PKCS5; key RAW(128) := 'my secret key'; iv RAW(100) := 'my initialization vector'; encrypted RAW(2048); BEGIN encrypted := dbms_crypto.encrypt(cleartext, typ, key, iv); UPDATE passwords SET ciphertext = encrypted WHERE principal = username; END;
ENCRYPT uses a key value of my secret key and an initialization vector of my initialization vector when encrypting the password; specify the same key and initialization vector when decrypting the password.