EXCEPTION
    WHEN OTHERS THEN
        m_err_no := SQLCODE;
        m_err_txt := SQLERRM;
END p_get_des_crypt_test_data;
We send clear text test_data from the client to Oracle, and this procedure returns crypt_data after
encryption by a call to the f_get_crypt_data function. That function is also a Java stored procedure.
Java Methods for Secret Password Decryption
Once we've called the appsec procedures to get the DES secret password key artifacts and encrypted data
back to the client, we need to
1. decrypt the artifacts with the RSA private key
2. generate the DES secret password key
3. decrypt the data with the secret password key
As a rule, I try to limit the number of steps that I require of developers to accomplish work. Why
make a developer call three methods when they can call a single method that accomplishes the other
calls for them? The application developer's goal is to decrypt data, so we provide a method for them to
do just that.
Note: You can find this code in the file Chapter6/orajavsec/OracleJavaSecure.java.
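The three client-side steps listed above, as an added example that is not the book's OracleJavaSecure code: a stand-alone round trip in which the server side is simulated locally. The class and helper names, the sample values, the PBEWithMD5AndDES algorithm name and the RSA padding are assumptions.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration; names, sample values and algorithm choices are assumptions.
public class SecretPasswordRoundTrip {
    // RSA-encrypt or RSA-decrypt one small artifact, depending on mode
    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }

    // Steps 2 and 3: build the secret password key from its artifacts, then run the cipher
    static byte[] pbe(int mode, char[] pass, String alg, byte[] salt, int iter, byte[] in)
            throws GeneralSecurityException {
        SecretKey key = SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(pass));
        Cipher c = Cipher.getInstance(alg);
        c.init(mode, key, new PBEParameterSpec(salt, iter));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair(); // the private key stays on the client

        // Simulated server side (constructed values): encrypt the data with the
        // secret password key, then wrap each artifact with the client's public key
        String alg = "PBEWithMD5AndDES";        // assumed algorithm name
        char[] pass = "constructed pass phrase".toCharArray();
        byte[] salt = new SecureRandom().generateSeed(8); // this PBE scheme needs 8 bytes
        int iter = 1000;
        byte[] cryptData = pbe(Cipher.ENCRYPT_MODE, pass, alg, salt, iter, "test_data".getBytes(UTF_8));
        PublicKey pub = client.getPublic();
        byte[] cPass = rsa(Cipher.ENCRYPT_MODE, pub, new String(pass).getBytes(UTF_8));
        byte[] cAlg = rsa(Cipher.ENCRYPT_MODE, pub, alg.getBytes(UTF_8));
        byte[] cSalt = rsa(Cipher.ENCRYPT_MODE, pub, salt);
        byte[] cIter = rsa(Cipher.ENCRYPT_MODE, pub, Integer.toString(iter).getBytes(UTF_8));

        // Client, step 1: decrypt the four artifacts with the RSA private key
        PrivateKey priv = client.getPrivate();
        char[] p = new String(rsa(Cipher.DECRYPT_MODE, priv, cPass), UTF_8).toCharArray();
        String a = new String(rsa(Cipher.DECRYPT_MODE, priv, cAlg), UTF_8);
        byte[] s = rsa(Cipher.DECRYPT_MODE, priv, cSalt);
        int i = Integer.parseInt(new String(rsa(Cipher.DECRYPT_MODE, priv, cIter), UTF_8));
        // Client, steps 2 and 3: regenerate the key and decrypt the data
        System.out.println(new String(pbe(Cipher.DECRYPT_MODE, p, a, s, i, cryptData), UTF_8));
    }
}
```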
Decrypting Data Using the Secret Password Key
After the client application has called the p_get_des_crypt_test_data procedure, we have them call the
method getDecryptData() shown in Listing 6-14.
Listing 6-14. Build Secret Password and Decrypt Data, getDecryptData()
public static final String getDecryptData( RAW cryptData,
    RAW cryptSecretDESPassPhrase, RAW cryptSecretDESAlgorithm,
    RAW cryptSecretDESSalt, RAW cryptSecretDESIterationCount )
{
    String rtrnString = "getDecryptData() A failed";
    try {
        if( ( null == sessionSecretDESKey ) || testAsClientAndServer ) {
            decryptSessionSecretDESPassPhrase( cryptSecretDESPassPhrase,
                cryptSecretDESAlgorithm, cryptSecretDESSalt,
                cryptSecretDESIterationCount );
            makeSessionSecretDESKey();
        }
        rtrnString = getDecryptData( cryptData );
    } catch( Exception x ) {