HPE Community
Operating System - HP-UX
1835085 Members
2606 Online
110073 Solutions
New Discussion

encryption algorithm

 
SOLVED
Go to solution
Scott Williams_5
Frequent Advisor

‎06-13-2003 07:23 AM

‎06-13-2003 07:23 AM

encryption algorithm

Hi all,

We have Hpux 11.0 with Oracle 8.1.7.

I'm looking for an encrypt/decrypt algorithm to encrypt credit card information stored in some of our Oracle tables. The idea is to be able access it programmatically (encrypting & decrypting), but sqlplus queries only show jibberish.

Anyone deal with a similar issue? If so, how was it resolved?

Thanks,

Scott Williams
0 Kudos
Reply
12 REPLIES 12
Umapathy S
Honored Contributor

‎06-13-2003 07:28 AM

‎06-13-2003 07:28 AM

Re: encryption algorithm

Scott,
For encryption/decryption algorithms I can suggest using Rijndael algorithm. Check this out,
http://csrc.nist.gov/CryptoToolkit/aes/rijndael/

I am not understanding your last question. Normally its good to encrypt and hexify the results before storing it. Through hexification we get printable characters that can be stored in a db. Later use the same approach of dehexify and decrypt when you get the details.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Massimo Bianchi
Honored Contributor

‎06-13-2003 07:42 AM

‎06-13-2003 07:42 AM

Re: encryption algorithm

Hi,
oracle has the functionality to send cripted traffic over the network.
You can used MD5 authentication for the purpouse of masquerading sqlnet output if without the proprer key.

Another security trick it to restric the sqlnet access using the sqlnet.ora files.

I will try to search some docs on metalink.

HTH,
Massimo

0 Kudos
Reply
Massimo Bianchi
Honored Contributor

‎06-13-2003 07:45 AM

‎06-13-2003 07:45 AM

Re: encryption algorithm

Doc ID: Note:104410.1
Subject: How to Enable Encryption & Checksumming using JDBC Drivers
Type: BULLETIN
Status: PUBLISHED
Content Type: TEXT/PLAIN
Creation Date: 04-APR-2000
Last Revision Date: 02-MAY-2001


Overview ---------- This article describes how to enable encryption and checksumming using JDBC drivers.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎06-13-2003 07:47 AM

‎06-13-2003 07:47 AM

Re: encryption algorithm

Hi Scott,

perhaps something like PGP could be used? It has an ascii armouring option.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Massimo Bianchi
Honored Contributor

‎06-13-2003 07:47 AM

‎06-13-2003 07:47 AM

Re: encryption algorithm

Doc ID: Note:151126.1
Subject: Oracle Advanced Security Release 8.1.7 README
Type: README
Status: PUBLISHED
Content Type: TEXT/PLAIN
Creation Date: 29-JUN-2001
Last Revision Date: 29-JUN-2001


0 Kudos
Reply
Elena Leontieva
Esteemed Contributor

‎06-13-2003 07:48 AM

‎06-13-2003 07:48 AM

Re: encryption algorithm

Scott,

You may want to look at this overview:
http://www.cybcon.com/~jkstill/util/zips/Data_Obfuscation_and_Encryption.doc

0 Kudos
Reply
Caesar_3
Esteemed Contributor

‎06-13-2003 08:20 AM

‎06-13-2003 08:20 AM

Re: encryption algorithm

Hello!

Use the MD5 or the blowfish.

Caesar
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎06-13-2003 08:53 AM

‎06-13-2003 08:53 AM

Re: encryption algorithm

Before you tackle this, you need to do some more design work:

1) How will you store the keys? - or will everyone use a common key?

2) What happens if the key is lost?

3) Do you really want encryption or could the sensitive data be stored in a very restricted table and joined to the main table as only as needed?

4) How do you plan to restrict access to the SQL procedures?


If it ain't broke, I can fix that.
0 Kudos
Reply
Scott Williams_5
Frequent Advisor

‎06-16-2003 12:47 PM

‎06-16-2003 12:47 PM

Re: encryption algorithm

Thank you all for your responses. A.Clay Stephenson has it right -- I've got some more design work to do. But you all have given me a good starting point. I appreciate your time.

I believe we'll end up doing a combination of things along these lines:
1. Store a translation of the data (obfuscate), rather than encrypt.
2. Restrict table access for SQL
3. Application data masking.

Thanks again!

Scott Williams
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎06-16-2003 08:47 PM

‎06-16-2003 08:47 PM

Re: encryption algorithm

hi,

Clay is right!

I can understand why you are having problems doing it in Oracle itself.

Below a small example for you:
=========================================================================

yd@MYDB.MU> r
1 create or replace function crypt( p_str in varchar2 ) return raw
2 as
3 l_data varchar2(255);
4 begin
5 l_data := rpad( p_str, (trunc(length(p_str)/8)+1)*8, chr(0) );
6 return dbms_obfuscation_toolkit.DESEncrypt( input => utl_raw.cast_to_raw(l_data),key => utl_raw.cast_to_raw('MagicKey') );
7* end;

Function created.

Elapsed: 00:00:00.19

yd@MYDB.MU> r
1 create or replace function decrypt( p_str in raw ) return varchar2
2 as
3 begin
4 return utl_raw.cast_to_varchar2( dbms_obfuscation_toolkit.DESdecrypt( input => p_str,key=> utl_raw.cast_to_raw('MagicKey') ) );
5* end;

Function created.

Elapsed: 00:00:00.03
yd@MYDB.MU>

yd@MYDB.MU> column data format a10
yd@MYDB.MU> create table tabyd ( data varchar2(9), data_enc raw(16) );

Table created.

Elapsed: 00:00:00.02
yd@MYDB.MU> insert into tabyd values ( '012345678',crypt('012345678'));

1 row created.

Elapsed: 00:00:00.04
yd@MYDB.MU> commit;

Commit complete.

Elapsed: 00:00:00.01
yd@MYDB.MU> select data,data_enc,decrypt(data_enc) data from tabyd;

DATA DATA_ENC DATA
__________ ________________________________ __________
012345678 07CF8213EDC46C277C720164D915B70C 012345678

Elapsed: 00:00:00.01
yd@MYDB.MU>

==============================================================================================

Hope this helps!

regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎06-16-2003 08:52 PM

‎06-16-2003 08:52 PM

Solution

Re: encryption algorithm

sorry for the garbled output. attached a more readable one.

regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Reply
Scott Williams_5
Frequent Advisor

‎06-17-2003 06:08 AM

‎06-17-2003 06:08 AM

Re: encryption algorithm

Yogeeraj,

Your example was clear and understandable.
Very nice -- Thanks!

Scott
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.