Comments on: .Net Encryption and Oracle Decryption http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/ Technology across minds..... Sat, 07 Nov 2009 05:16:49 +0000 http://wordpress.com/ hourly 1 By: Aleksey http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-113 Aleksey Thu, 04 Jun 2009 17:25:17 +0000 http://javasight.wordpress.com/?p=54#comment-113 I implemented similar. Just wants to make sure it is same as hextoraw/rawtohex. I implemented similar. Just wants to make sure it is same as hextoraw/rawtohex.

]]> By: Franklin http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-112 Franklin Thu, 04 Jun 2009 17:23:19 +0000 http://javasight.wordpress.com/?p=54#comment-112 I really cant remember now. It was written by another author. I believe when she is available she will respond. Until then, check out this link http://stackoverflow.com/questions/311165/how-do-you-convert-byte-array-to-hexadecimal-string-and-vice-versa-in-c Hope it helps!! I really cant remember now. It was written by another author. I believe when she is available she will respond.
Until then, check out this link

http://stackoverflow.com/questions/311165/how-do-you-convert-byte-array-to-hexadecimal-string-and-vice-versa-in-c

Hope it helps!!

]]> By: Aleksey http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-110 Aleksey Thu, 04 Jun 2009 16:28:58 +0000 http://javasight.wordpress.com/?p=54#comment-110 Sorry, but where to get that ByteArrayToHexString function? As I understand it is the same as rawtohex, as well as HexStringToByteArray same as hextoraw? Sorry, but where to get that ByteArrayToHexString function?
As I understand it is the same as rawtohex, as well as HexStringToByteArray same as hextoraw?

]]> By: Suad http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-49 Suad Fri, 31 Oct 2008 10:01:47 +0000 http://javasight.wordpress.com/?p=54#comment-49 Hi hansw, The line: numpad:=substr(result,length(result)-2); returns the last 2 characters which represent the number of hex characters that have been padded by the .Net padding method (ANSIX923) which is in our example 07. The .Net padding method (ANSIX923) always pad the string your are encrypting even if the string was of the specified block size. Thus the code always gives you the correct answer. Thanks, Suad Hi hansw,

The line:
numpad:=substr(result,length(result)-2);

returns the last 2 characters which represent the number of hex characters that have been padded by the .Net padding method (ANSIX923) which is in our example 07.

The .Net padding method (ANSIX923) always pad the string your are encrypting even if the string was of the specified block size. Thus the code always gives you the correct answer.

Thanks,
Suad

]]> By: Frank http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-48 Frank Thu, 30 Oct 2008 12:52:55 +0000 http://javasight.wordpress.com/?p=54#comment-48 Hi Nitin, We have also been in the same boat as you are right now. We also tried to override the default behaviour of Oracle DBMS_OBFUSCATION_TOOLKIT but unfortunately it is not supported. However, if you were to use the new package DBMS_CRYPTO which is more powerful and advanced, this does give you these facilities(I guess this is in 10g Oracle DB only). We were encrypting data(in the example above) with C# and decrypting it with PL/SQL. Here C# had PaddingMode.ANSIX923 standard followed. If you read how ANSIX923 padding works with encryption you can easily write your decrypter in PL/SQL. In your case you are encrypting data with PL/SQL. I would suggest that you pad data as per ANSIX923 standard and use C# decryption to decrypt the data. Would work like a charm. Let me know if it works out. Hi Nitin,
We have also been in the same boat as you are right now. We also tried to override the default behaviour of Oracle DBMS_OBFUSCATION_TOOLKIT but unfortunately it is not supported. However, if you were to use the new package DBMS_CRYPTO which is more powerful and advanced, this does give you these facilities(I guess this is in 10g Oracle DB only).

We were encrypting data(in the example above) with C# and decrypting it with PL/SQL. Here C# had PaddingMode.ANSIX923 standard followed. If you read how ANSIX923 padding works with encryption you can easily write your decrypter in PL/SQL.

In your case you are encrypting data with PL/SQL. I would suggest that you pad data as per ANSIX923 standard and use C# decryption to decrypt the data. Would work like a charm. Let me know if it works out.

]]> By: nitin http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-47 nitin Thu, 30 Oct 2008 12:08:12 +0000 http://javasight.wordpress.com/?p=54#comment-47 Hi, Due to the difference between Oracle and C# I could not decrypt the data on the file, the only possible way is to change the default setting of the Oracle's built-in dbms_obfuscation_toolkit that generates the file, then we can decrypt data by using C#; please help me to find solution. oracle pl/sql code is CREATE OR REPLACE package body sp_crypt as Function encrypt(unencrypted_string in varchar2) return varchar2 Is ls_in_string varchar2(64) := rpad(unencrypted_string,24,' '); ls_key_string varchar2(64) := 'b0st0nrs'; ls_encrypted_string varchar2(256); lr_in_string raw(2048); lr_key raw(2048); Begin If (ls_in_string is NULL) Then return(NULL); Else lr_in_string := utl_raw.cast_to_raw(ls_in_string); lr_key := utl_raw.cast_to_raw(ls_key_string); dbms_obfuscation_toolkit.DESEncrypt(input => lr_in_string, key => lr_key, encrypted_data => ls_encrypted_string); return(ls_encrypted_string); End If; End encrypt; Function decrypt(encrypted_string in varchar2) return varchar2 Is ls_key_string varchar2(64) := 'b0st0nrs'; lr_key raw(2048) := utl_raw.cast_to_raw(ls_key_string); ls_unencrypted_string varchar2(64); Begin If (encrypted_string is NULL) Then return(NULL); Else dbms_obfuscation_toolkit.DESDecrypt(input => encrypted_string, key => lr_key, decrypted_data => ls_unencrypted_string); return(rtrim(utl_raw.cast_to_varchar2(ls_unencrypted_string))); End If; End decrypt; End sp_crypt; / Thanks Nitin Hi,

Due to the difference between Oracle and C# I could not decrypt the data on the file, the only possible way is to change the default setting of the Oracle’s built-in dbms_obfuscation_toolkit that generates the file, then we can decrypt data by using C#;

please help me to find solution. oracle pl/sql code is
CREATE OR REPLACE package body sp_crypt as

Function encrypt(unencrypted_string in varchar2)
return varchar2 Is

ls_in_string varchar2(64) := rpad(unencrypted_string,24,’ ‘);
ls_key_string varchar2(64) := ‘b0st0nrs’;
ls_encrypted_string varchar2(256);
lr_in_string raw(2048);
lr_key raw(2048);

Begin

If (ls_in_string is NULL) Then
return(NULL);
Else
lr_in_string := utl_raw.cast_to_raw(ls_in_string);
lr_key := utl_raw.cast_to_raw(ls_key_string);

dbms_obfuscation_toolkit.DESEncrypt(input => lr_in_string,
key => lr_key,
encrypted_data => ls_encrypted_string);

return(ls_encrypted_string);
End If;

End encrypt;

Function decrypt(encrypted_string in varchar2)
return varchar2 Is

ls_key_string varchar2(64) := ‘b0st0nrs’;
lr_key raw(2048) := utl_raw.cast_to_raw(ls_key_string);
ls_unencrypted_string varchar2(64);

Begin

If (encrypted_string is NULL) Then
return(NULL);
Else
dbms_obfuscation_toolkit.DESDecrypt(input => encrypted_string,
key => lr_key,
decrypted_data => ls_unencrypted_string);

return(rtrim(utl_raw.cast_to_varchar2(ls_unencrypted_string)));
End If;

End decrypt;

End sp_crypt;
/

Thanks
Nitin

]]> By: hansw http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-42 hansw Wed, 22 Oct 2008 07:23:37 +0000 http://javasight.wordpress.com/?p=54#comment-42 I've found a small bug in your PL/SQL code. The line: numpad:=substr(result,length(result)-2); returns the last three characters, this leed to an error if length of the last block is seven and the last digit of the hex value is != 0. eg if you encrypt strings like '123456#' or 'ABCDEFGH123456#' you can't decrypt them. Change line 11 of your listing to: numpad:=substr(result,length(result)-1); Then everythink works fine! Thanks for your excellent example! ;) I’ve found a small bug in your PL/SQL code.
The line:
numpad:=substr(result,length(result)-2);

returns the last three characters, this leed to an error if length of the last block is seven and the last digit of the hex value is != 0.
eg if you encrypt strings like ‘123456#’ or ‘ABCDEFGH123456#’
you can’t decrypt them.
Change line 11 of your listing to:
numpad:=substr(result,length(result)-1);
Then everythink works fine!

Thanks for your excellent example! ;)

]]> By: chinaman http://javasight.wordpress.com/2008/08/24/net-encryption-and-oracle-decryption/#comment-22 chinaman Thu, 18 Sep 2008 03:44:54 +0000 http://javasight.wordpress.com/?p=54#comment-22 Hi It's better to put reference link Hi
It’s better to put reference link

]]>