until the Oracle database was off-line, or at least until the dependent applications were not running;
otherwise, applications would fail during the interim between the DROP and the CREATE.
Methods for Using and Testing Encryption in Transit
Our working model will not be tested from the main() method of OracleJavaSecure; rather, we are going
to demonstrate how we come in as a separate application and use the structures of our Application
Security package, app_sec_pkg. We are going to add two more methods to the OracleJavaSecure class:
one just for testing, resetKeys(); and another to prepare the client to encrypt data for updates/inserts
to Oracle database, makeDESKey().
We want the ability to do data updates from our client application with a minimum of effort. The
least effort requires these steps:
1. Generate RSA keys on client and pass public key to Oracle.
2. Generate DES secret password key on Oracle database, encrypt the artifacts with RSA public key, and pass back to the client.
3. Build a copy of the DES key on the client.
4. Encrypt data with DES key and send to Oracle database for decrypt and update.
We have already demonstrated an Oracle procedure, p_get_shared_passphrase, which allowed us to
combine steps 1 and 2 into a single step. However, step 4 requires a second Oracle statement. Therefore,
we are going to have to make at least two calls to Oracle database to do the first update. Within the same
Oracle session, we can do additional updates, each in a single call. We only need to do the combined
steps 1, 2 and 3 once (key exchange); and then after the keys have been established, we can do as many
updates and inserts as we'd like using existing keys.
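The four steps above, run end to end in one JVM, as an added example that is not the book's code. Assumptions: the class name KeyExchangeSketch, the PBEWithMD5AndDES scheme, OAEP padding for RSA, the artifact set (passphrase, salt, iteration count), and a database side simulated by local calls instead of the Oracle procedure.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class KeyExchangeSketch {
    // Assumption: a JCE password-based DES scheme; the page does not name one.
    static final String PBE = "PBEWithMD5AndDES";

    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }

    // Builds the DES cipher from the three artifacts; both sides call this identically.
    static Cipher des(int mode, String pass, byte[] salt, int iter) throws GeneralSecurityException {
        SecretKey k = SecretKeyFactory.getInstance(PBE).generateSecret(new PBEKeySpec(pass.toCharArray()));
        Cipher c = Cipher.getInstance(PBE);
        c.init(mode, k, new PBEParameterSpec(salt, iter));
        return c;
    }

    public static void main(String[] args) throws Exception {
        // Step 1 (client): RSA key pair; only the public key leaves the client.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();

        // Step 2 (database side, simulated locally): make artifacts, encrypt each with the public key.
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        String pass = "constructed sample passphrase";
        int iter = 1000;
        byte[] encPass = rsa(Cipher.ENCRYPT_MODE, client.getPublic(), pass.getBytes(StandardCharsets.UTF_8));
        byte[] encSalt = rsa(Cipher.ENCRYPT_MODE, client.getPublic(), salt);
        byte[] encIter = rsa(Cipher.ENCRYPT_MODE, client.getPublic(), Integer.toString(iter).getBytes(StandardCharsets.UTF_8));

        // Step 3 (client): recover the artifacts with the private key and build a copy of the DES key.
        String cPass = new String(rsa(Cipher.DECRYPT_MODE, client.getPrivate(), encPass), StandardCharsets.UTF_8);
        byte[] cSalt = rsa(Cipher.DECRYPT_MODE, client.getPrivate(), encSalt);
        int cIter = Integer.parseInt(new String(rsa(Cipher.DECRYPT_MODE, client.getPrivate(), encIter), StandardCharsets.UTF_8));

        // Step 4: client encrypts a value; the database side decrypts it before the update.
        byte[] wire = des(Cipher.ENCRYPT_MODE, cPass, cSalt, cIter).doFinal("constructed value".getBytes(StandardCharsets.UTF_8));
        byte[] plain = des(Cipher.DECRYPT_MODE, pass, salt, iter).doFinal(wire);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
        // Later updates in the same session repeat step 4 only, reusing the established key.
    }
}
```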
Method to Build the Secret Password Key
In Chapter 6, we used the p_get_shared_passphrase Oracle procedure to get all the DES secret password
key artifacts to the client; however, we didn't build the secret password key until we received encrypted
data from Oracle database that we wanted to decrypt on the client.
In this chapter, we are going to need the DES secret key even without data to decrypt. We are going
to do data encryption on the client and send it to Oracle database as an independent task. So, we need a
Java method that independently builds the secret password key. Listing 7-7 shows the code for that
method.
 