Database Reference
In-Depth Information
Running Basic Key Exchange Without Data Encryption
For those times when all we want to do is submit encrypted data updates to Oracle database, or we want
to be prepared to update before doing any selects, we need to assure that we have exchanged keys
beforehand. We can do that by calling the
p_get_shared_passphrase
procedure (in our current design,
this procedure must be included in every individual application package, like
hr_sec_pkg
). Listing 7-30
presents the fundamentals of basic key exchange from a Java client.
Listing 7-30.
Basic Key Exchange
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL hr.hr_sec_pkg.p_get_shared_passphrase(?,?,?,?,?,?,?,?)" );
...
OracleJavaSecure.makeDESKey( sessionSecretDESPassPhrase,
sessionSecretDESAlgorithm, sessionSecretDESSalt,
sessionSecretDESIterationCount );
We will get and decrypt each artifact of our secret password key, and pass that to the
makeDESKey()
method. At that point, we have completed our key exchange and are ready to exchange encrypted data
and do decryption on both the client and Oracle database.
After we call the
p_get_shared_passphrase
procedure and call
OracleJavaSecure.makeDESKey()
, the
TestOracleJavaSecure
class will again try to do an encrypted data update, and will succeed.
Executing the Demonstrations and Tests
We are going to run our demonstrations and tests now. To do that, we will again edit our code, as
needed, and then compile and run it. In a command prompt, change directories to
Chapter7
. Edit
TestOracleJavaSecure.java
if not already, placing the correct password for
appusr
and correct host and
port number in the Oracle connection string, near the top.
private static String appusrConnString =
"jdbc:oracle:thin:appusr/password@localhost:1521:Orcl";
Compile the code with these commands, or just the second which will automatically compile the
first (be sure the first line of
OracleJavaSecure.java
is commented, the line to
CREATE
the Java structures
in Oracle database).
javac orajavsec/OracleJavaSecure.java
javac TestOracleJavaSecure.java
Then run the code from that same directory with this command:
java TestOracleJavaSecure
Observing the Results
When you execute
TestOracleJavaSecure
(as distributed), all of the tests listed previously will run
straight through from top to bottom. The results will look like this:
Count data in V_EMPLOYEES_PUBLIC: 108
Count data in V_EMPLOYEES_PUBLIC: 108
Oracle success 1)