适用于PKCS7的Oracle dbms_crypto

时间:2018-10-13 12:57:21

标签: .net oracle plsql oracle11g dbms-crypto

我的要求是执行dbms_crypto工具以解密从DOTNET端加密的表中的加密列。 看起来在dotnet中使用了PKCS7方法,在Oracle中我找不到相应的填充; PKCS5可用。

如果可以从plsql方面获得所需的值,谁能帮助我?

以下给出的点网加密代码:

private static void Encrypt()
{
    byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes("ID:5031743749436704");
    byte[] keyArray = new byte[16] {
     34,
     170,
     219,
     38,
     68,
     125,
     135,
     181,
     80,
     177,
     85,
     164,
     215,
     100,
     250,
     208 };
    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    //set the secret key for the tripleDES algorithm
    tdes.Key = keyArray;
    //mode of operation. there are other 4 modes.
    //We choose ECB(Electronic code Book)
    tdes.Mode = CipherMode.CBC;
    //padding mode(if any extra byte added)
    tdes.IV = new byte[8];
    tdes.Padding = PaddingMode.PKCS7;
    ICryptoTransform cTransform = tdes.CreateEncryptor();
    //transform the specified region of bytes array to resultArray
    byte[] resultArray =
      cTransform.TransformFinalBlock(toEncryptArray, 0,
      toEncryptArray.Length);
    //Release resources held by TripleDes Encryptor
    tdes.Clear();
    //Return the encrypted data into unreadable string format
    string enCryptedString = Convert.ToBase64String(resultArray, 0, resultArray.Length);
}

private static void Decrypt()
{
    byte[] toEncryptArray = Convert.FromBase64String("T71mQdBbEwnk5kZKAc+16kgsrln4EkCJ");

    byte[] keyArray = new byte[16] {
     34,
     170,
     219,
     38,
     68,
     125,
     135,
     181,
     80,
     177,
     85,
     164,
     215,
     100,
     250,
     208 };
    //string s = Convert.ToBase64String(keyArray);

    //string s1 = UTF8Encoding.UTF8.GetString(keyArray);

    //string s3 = UTF32Encoding.UTF32.GetString(keyArray);

    //string s4 = UTF7Encoding.UTF7.GetString(keyArray);


    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    //set the secret key for the tripleDES algorithm
    tdes.Key = keyArray;
    //mode of operation. there are other 4 modes. 
    //We choose ECB(Electronic code Book)

    tdes.Mode = CipherMode.CBC;
    //padding mode(if any extra byte added)
    //tdes.Padding = PaddingMode.PKCS7;

    tdes.IV = new byte[8];

    ICryptoTransform cTransform = tdes.CreateDecryptor();

    byte[] resultArray = cTransform.TransformFinalBlock(
                         toEncryptArray, 0, toEncryptArray.Length);
    //Release resources held by TripleDes Encryptor                
    tdes.Clear();



    //return the Clear decrypted TEXT
    string decryptedString = UTF8Encoding.UTF8.GetString(resultArray);

    string s2 = Convert.ToBase64String(resultArray); // Base 64 string of raw cc token


    var str = System.Text.Encoding.Default.GetString(new byte[8]);

}

Oracle尝试如下:

--encrypt
SET SERVEROUTPUT ON;
DECLARE
     l_encrypted   RAW(128);
BEGIN
     l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'), 
                                        typ => dbms_crypto.des3_cbc_pkcs5, 
                                        key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') ) 
                                        );

     dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(utl_encode.base64_encode(l_encrypted),'AL32UTF8'));
END;
/
/*
actual result:      VOsHqOuCJUSVYMta4Bz2tSe/aMDN+Ol9
expected result:    oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t
*/


--decrypt
SET SERVEROUTPUT ON;
DECLARE
     l_decrypted RAW(128);
BEGIN
      l_decrypted := dbms_crypto.decrypt(src => utl_encode.base64_decode(utl_raw.cast_to_RAW('oCQBWzcu9gCYmxf0kL3oTgkX/K8UVk/t')),
                                        typ => DBMS_CRYPTO.des3_cbc_pkcs5,
                                        key => utl_encode.base64_decode(utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==') )
                                        );
      dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/

/*
actual result: 

Error report -
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at line 4
28817. 00000 -  "PL/SQL function returned an error."
*Cause:    A PL/SQL function returned an error unexpectedly.
*Action:   This is an internal error. Enable tracing to find more
           information. Contact Oracle customer support if needed.
*Document: NO

expected result: ID:5031743749436704
*/

2 个答案:

答案 0 :(得分:1)

Oracle的DBMS_CRYPTO软件包不支持PKCS7。

Here是您的选择。

希望有帮助。

答案 1 :(得分:1)

如Mark所说,dbms_crypto当前不支持PKCS7。

要回答有关您的PKCS5代码为何由于(“毫无帮助的”错误)“ PL / SQL函数意外返回错误”而失败的问题,您遇到的问题是您正在调用的用于转换值的函数srckey参数不太正确。您无需调用utl_encode.base64_decode来转换原始键值。另外,您传递给src的值应该与从原始加密的原始值转换为字符串的方式相反-即,为了显示加密的值,您叫utl_encode.base64_encode,后跟utl_i18n.raw_to_char 。要将结果字符串转换回原始字符串,您需要进行完全相反的操作-即先调用utl_i18n.string_to_raw,再调用utl_encode.base64_decode

这是一个有效的示例:

SET SERVEROUTPUT ON;
DECLARE
     l_encrypted   RAW(128);
     l_decrypted   RAW(128);
     l_key         RAW(128);
BEGIN
     l_key := utl_raw.cast_to_raw('IqrbJkR9h7VQsVWk12T60A==');

     l_encrypted := dbms_crypto.encrypt(src => utl_raw.cast_to_raw('ID:5031743749436704'), 
                                        typ => dbms_crypto.des3_cbc_pkcs5, 
                                        key => l_key
                                        );

     dbms_output.put_line(
       UTL_I18N.RAW_TO_CHAR(
         utl_encode.base64_encode(l_encrypted),'AL32UTF8'));

     l_encrypted := utl_encode.base64_decode(
       utl_i18n.string_to_raw('tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday','AL32UTF8'));

     dbms_output.put_line(
       UTL_I18N.RAW_TO_CHAR(
         utl_encode.base64_encode(l_encrypted),'AL32UTF8'));

     l_decrypted := dbms_crypto.decrypt(src => l_encrypted,
                                        typ => DBMS_CRYPTO.des3_cbc_pkcs5,
                                        key => l_key
                                        );

     dbms_output.put_line( UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8'));
END;
/

tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
tKQyG9kMqEMyv28q/dDXfGuWbf+Dnday
ID:5031743749436704

LiveSQL