Re: encryption algorithm

Scott Williams_5 · ‎06-13-2003

Hi all,

We have Hpux 11.0 with Oracle 8.1.7.

I'm looking for an encrypt/decrypt algorithm to encrypt credit card information stored in some of our Oracle tables. The idea is to be able access it programmatically (encrypting & decrypting), but sqlplus queries only show jibberish.

Anyone deal with a similar issue? If so, how was it resolved?

Thanks,

Scott Williams

Umapathy S · ‎06-13-2003

Scott,
For encryption/decryption algorithms I can suggest using Rijndael algorithm. Check this out,
http://csrc.nist.gov/CryptoToolkit/aes/rijndael/

I am not understanding your last question. Normally its good to encrypt and hexify the results before storing it. Through hexification we get printable characters that can be stored in a db. Later use the same approach of dehexify and decrypt when you get the details.

HTH,
Umapathy

Arise Awake and Stop NOT till the goal is Reached!

Massimo Bianchi · ‎06-13-2003

Hi,
oracle has the functionality to send cripted traffic over the network.
You can used MD5 authentication for the purpouse of masquerading sqlnet output if without the proprer key.

Another security trick it to restric the sqlnet access using the sqlnet.ora files.

I will try to search some docs on metalink.

HTH,
Massimo

Massimo Bianchi · ‎06-13-2003

Doc ID: Note:104410.1
Subject: How to Enable Encryption & Checksumming using JDBC Drivers
Type: BULLETIN
Status: PUBLISHED
Content Type: TEXT/PLAIN
Creation Date: 04-APR-2000
Last Revision Date: 02-MAY-2001

Overview ---------- This article describes how to enable encryption and checksumming using JDBC drivers.

Darren Prior · ‎06-13-2003

Hi Scott,

perhaps something like PGP could be used? It has an ascii armouring option.

regards,

Darren.

Calm down. It's only ones and zeros...

Massimo Bianchi · ‎06-13-2003

Doc ID: Note:151126.1
Subject: Oracle Advanced Security Release 8.1.7 README
Type: README
Status: PUBLISHED
Content Type: TEXT/PLAIN
Creation Date: 29-JUN-2001
Last Revision Date: 29-JUN-2001

Elena Leontieva · ‎06-13-2003

Scott,

You may want to look at this overview:
http://www.cybcon.com/~jkstill/util/zips/Data_Obfuscation_and_Encryption.doc

Caesar_3 · ‎06-13-2003

Hello!

Use the MD5 or the blowfish.

Caesar

A. Clay Stephenson · ‎06-13-2003

Before you tackle this, you need to do some more design work:

1) How will you store the keys? - or will everyone use a common key?

2) What happens if the key is lost?

3) Do you really want encryption or could the sensitive data be stored in a very restricted table and joined to the main table as only as needed?

4) How do you plan to restrict access to the SQL procedures?

If it ain't broke, I can fix that.

Scott Williams_5 · ‎06-16-2003

Thank you all for your responses. A.Clay Stephenson has it right -- I've got some more design work to do. But you all have given me a good starting point. I appreciate your time.

I believe we'll end up doing a combination of things along these lines:
1. Store a translation of the data (obfuscate), rather than encrypt.
2. Restrict table access for SQL
3. Application data masking.

Thanks again!

Scott Williams

Yogeeraj_1 · ‎06-16-2003

hi,

Clay is right!

I can understand why you are having problems doing it in Oracle itself.

Below a small example for you:
=========================================================================

yd@MYDB.MU> r
1 create or replace function crypt( p_str in varchar2 ) return raw
2 as
3 l_data varchar2(255);
4 begin
5 l_data := rpad( p_str, (trunc(length(p_str)/8)+1)*8, chr(0) );
6 return dbms_obfuscation_toolkit.DESEncrypt( input => utl_raw.cast_to_raw(l_data),key => utl_raw.cast_to_raw('MagicKey') );
7* end;

Function created.

Elapsed: 00:00:00.19

yd@MYDB.MU> r
1 create or replace function decrypt( p_str in raw ) return varchar2
2 as
3 begin
4 return utl_raw.cast_to_varchar2( dbms_obfuscation_toolkit.DESdecrypt( input => p_str,key=> utl_raw.cast_to_raw('MagicKey') ) );
5* end;

Function created.

Elapsed: 00:00:00.03
yd@MYDB.MU>

yd@MYDB.MU> column data format a10
yd@MYDB.MU> create table tabyd ( data varchar2(9), data_enc raw(16) );

Table created.

Elapsed: 00:00:00.02
yd@MYDB.MU> insert into tabyd values ( '012345678',crypt('012345678'));

1 row created.

Elapsed: 00:00:00.04
yd@MYDB.MU> commit;

Commit complete.

Elapsed: 00:00:00.01
yd@MYDB.MU> select data,data_enc,decrypt(data_enc) data from tabyd;

DATA DATA_ENC DATA
__________ ________________________________ __________
012345678 07CF8213EDC46C277C720164D915B70C 012345678

Elapsed: 00:00:00.01
yd@MYDB.MU>

==============================================================================================

Hope this helps!

regards
Yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)

Yogeeraj_1 · ‎06-16-2003

sorry for the garbled output. attached a more readable one.

regards
Yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)

Scott Williams_5 · ‎06-17-2003

Yogeeraj,

Your example was clear and understandable.
Very nice -- Thanks!

Scott

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: encryption algorithm

encryption algorithm