The first two lines show the same client-only tests that we performed earlier in this chapter. After
that, because testingOnServer is true, the main() method goes on to get the DES secret password key
from Oracle. Then we call f_show_algorithm and display the negotiated algorithm at the command
prompt, which will likely be PBEWithMD5AndDES.
After that, we send the string “Tuesday” to Oracle database for encryption by the
p_get_des_crypt_test_data procedure. We read the encrypted data, decrypt it with a copy of the secret
password key, and display it: “Tuesday”.
We also call the function f_get_crypt_data directly, handing it the clear text string “Wednesday”.
We read the encrypted data returned by the function, decrypt it again with the copy of the secret
password key, and display it: “Wednesday”. By this time, it is obvious that the session of our Oracle
connection is retaining and reusing the same RSA and DES keys for multiple queries.
Finally, we encrypt the string “Thursday” on the client and submit it to the Oracle function
f_get_decrypt_data. Oracle database decrypts the data with the original secret password key. We read
the returned clear text string and print it: “Thursday”.
Chapter Review
We find ourselves at the end of another chapter. Looking back, let's see what ground we've covered.
We learned about DES secret password encryption. In particular, we learned
about the various artifacts that make up the secret password key: passphrase, salt,
iteration count, and the algorithm. We also devised a way to observe, report,
and work around a bug in JCE, even coding to accommodate an eventual JVM
upgrade that will not have the bug.
We found out how to generate the secret password key on Oracle, do key
exchange, then build an identical key on the client. With identical keys (a shared
password), we can exchange encrypted data. We also saw how to use the RSA
public key to encrypt the DES key so that we can exchange it between Oracle
database and the client, but still keep it secret.
We made extensive use of the SecureRandom class in order to generate a random
passphrase, salt, and iteration count for each session.
We explored Oracle packages, something we will depend on for organization and
security.
Figures 6-1 and 6-2 illustrate the secret password encryption processes we have covered in this
chapter. These processes will be used throughout the remainder of this topic. In Figure 6-1, at the top,
you will see that we refer to block [A] of Figure 5-1—that is where we saw the standard process of
generating an RSA public/private key pair on the client. We pass the public key exponent and modulus
to Oracle database when we call p_get_shared_pass_phrase . You can see in Figure 6-1, on the far right,
that an equivalent public key is built on Oracle database, represented by the key image labeled RSA.
Another key image on the far right, labeled DES, depicts the shared password key that we create on the
Oracle database.
Each of the artifacts of the shared password key is encrypted on the Oracle database with the public
key and returned to the client. Each encrypted artifact is placed in one of the OUT parameters of the
p_get_shared_pass_phrase procedure. We have outlined this whole process and labeled it as block [B] in
Figure 6-1. This is our standard process for exchanging the shared password key, and we will refer to it in
future figures.
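The exchange summarized above, as an added example that is not code from the original text: a single Java program in which an in-process "server side" stands in for Oracle database, generates the passphrase, salt, and iteration count with SecureRandom, returns each one encrypted with the client's RSA public key, and the client rebuilds the identical PBEWithMD5AndDES key. The class name, the helper names pbe and rsa, the 2048-bit RSA key size, the 16-byte passphrase, and the iteration range are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.*;

public class SharedPasswordKeyDemo {
    static final String ALGORITHM = "PBEWithMD5AndDES"; // algorithm name from the page
    // Both sides build the same key from the same passphrase, salt and iteration count.
    static Cipher pbe(int mode, String phrase, byte[] salt, int count) throws GeneralSecurityException {
        SecretKey key = SecretKeyFactory.getInstance(ALGORITHM)
                .generateSecret(new PBEKeySpec(phrase.toCharArray()));
        Cipher c = Cipher.getInstance(ALGORITHM);
        c.init(mode, key, new PBEParameterSpec(salt, count));
        return c;
    }
    // Hypothetical helper: RSA-encrypt or RSA-decrypt one small artifact.
    static byte[] rsa(int mode, Key key, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(mode, key);
        return c.doFinal(data);
    }
    public static void main(String[] args) throws Exception {
        // Client: RSA key pair; only the public key is handed to the server side.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumed key size
        KeyPair client = kpg.generateKeyPair();

        // Server side (in-process stand-in): fresh random artifacts for this session.
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[8];                 // this algorithm requires an 8-byte salt
        rnd.nextBytes(salt);
        int count = 1000 + rnd.nextInt(1000);      // constructed range
        byte[] raw = new byte[16];
        rnd.nextBytes(raw);
        String phrase = Base64.getEncoder().encodeToString(raw); // ASCII-only passphrase
        // Each artifact is RSA-encrypted separately, like the procedure's OUT parameters.
        PublicKey pub = client.getPublic();
        byte[] encPhrase = rsa(Cipher.ENCRYPT_MODE, pub, phrase.getBytes(StandardCharsets.US_ASCII));
        byte[] encSalt = rsa(Cipher.ENCRYPT_MODE, pub, salt);
        byte[] encCount = rsa(Cipher.ENCRYPT_MODE, pub, Integer.toString(count).getBytes(StandardCharsets.US_ASCII));
        byte[] encData = pbe(Cipher.ENCRYPT_MODE, phrase, salt, count).doFinal("Tuesday".getBytes(StandardCharsets.UTF_8));

        // Client: recover the artifacts with the private key, rebuild the key, decrypt.
        PrivateKey priv = client.getPrivate();
        String p = new String(rsa(Cipher.DECRYPT_MODE, priv, encPhrase), StandardCharsets.US_ASCII);
        byte[] s = rsa(Cipher.DECRYPT_MODE, priv, encSalt);
        int n = Integer.parseInt(new String(rsa(Cipher.DECRYPT_MODE, priv, encCount), StandardCharsets.US_ASCII));
        System.out.println(new String(pbe(Cipher.DECRYPT_MODE, p, s, n).doFinal(encData), StandardCharsets.UTF_8));
    }
}
```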
 