key has already been generated (is the passphrase char array null), and if it has not been generated, we
call the method we described previously, makeSessionSecretDESPassPhrase(), to build the artifacts.
Listing 6-3. Generating the Password Key, makeSessionSecretDESKey()
    private static void makeSessionSecretDESKey() throws Exception {
        // DES Pass Phrase is generated on server and passed to client
        if( null == sessionSecretDESPassPhraseChars )
            makeSessionSecretDESPassPhrase();
        // paramSpec is a static member, reused by other methods in this session
        paramSpec = new PBEParameterSpec( salt, iterationCount );
        KeySpec keySpec = new PBEKeySpec( sessionSecretDESPassPhraseChars, salt,
            iterationCount );
        // Try with recommended algorithm
        sessionSecretDESKey = SecretKeyFactory.getInstance(
            sessionSecretDESAlgorithm ).generateSecret( keySpec );
        // See which algorithm was actually used
        sessionSecretDESAlgorithm = sessionSecretDESKey.getAlgorithm();
        cipherDES = Cipher.getInstance( sessionSecretDESKey.getAlgorithm() );
    }
Using our secret passphrase key artifacts, we first instantiate paramSpec. Because we use paramSpec in
multiple methods, we create it as a static class member; it will be available in future Java stored
procedure calls to static methods from the same Oracle session.
We also instantiate a KeySpec, keySpec, which is local to the method and is only used here. The
SecretKeyFactory uses keySpec to generate a key of the algorithm type named in the
sessionSecretDESAlgorithm member. This algorithm type is subject to the bug, so we will actually get a
key of the algorithm type supported by the Oracle JVM version. After that, we get the actual algorithm by
calling sessionSecretDESKey.getAlgorithm() and store it back in sessionSecretDESAlgorithm. We also get an
instance of our DES Cipher based on that algorithm.
Remember that we have passed our RSA public key from the client to Oracle. Now, on the Oracle
database, we are building our secret password key, the artifacts of which we will encrypt with the client
public key and pass back to the client. We will also pass back the actual algorithm to the client, so that
the client uses the same algorithm as the server.
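The agreement described above, as an added example that is not code from the book: one side builds a password-based key and reads back the algorithm name the provider actually used, and the other side rebuilds the same key from the passphrase, salt, iteration count and that reported name. The class and helper names, the sample passphrase and data, the iteration count, and the algorithm name PBEWithMD5AndDES are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeAlgorithmAgreement {   // hypothetical class, not from the book
    // Build a password-based key; the caller reads key.getAlgorithm() to learn
    // which algorithm the provider actually supplied.
    static SecretKey deriveKey(String algorithm, char[] passPhrase,
            byte[] salt, int iterationCount) throws Exception {
        PBEKeySpec keySpec = new PBEKeySpec(passPhrase, salt, iterationCount);
        try {
            return SecretKeyFactory.getInstance(algorithm).generateSecret(keySpec);
        } finally {
            keySpec.clearPassword();   // wipe the spec's copy of the passphrase
        }
    }

    // Encrypt or decrypt with a cipher chosen from the key's own algorithm name.
    static byte[] crypt(int mode, SecretKey key, PBEParameterSpec paramSpec,
            byte[] input) throws Exception {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(mode, key, paramSpec);
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        char[] passPhrase = "constructed-pass-phrase".toCharArray(); // sample value
        byte[] salt = new byte[8];     // PBEWithMD5AndDES needs an 8-byte salt
        new SecureRandom().nextBytes(salt);
        int iterationCount = 2048;     // sample value
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount);

        // "Server": request an algorithm, then read back what was really used.
        SecretKey serverKey = deriveKey("PBEWithMD5AndDES", passPhrase, salt, iterationCount);
        String actualAlgorithm = serverKey.getAlgorithm();
        byte[] clear = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        byte[] cryptBytes = crypt(Cipher.ENCRYPT_MODE, serverKey, paramSpec, clear);

        // "Client": rebuild the key from the same artifacts and the reported name.
        SecretKey clientKey = deriveKey(actualAlgorithm, passPhrase, salt, iterationCount);
        byte[] roundTrip = crypt(Cipher.DECRYPT_MODE, clientKey, paramSpec, cryptBytes);
        if (!Arrays.equals(clear, roundTrip)) throw new IllegalStateException("mismatch");
        System.out.println("agreed algorithm: " + actualAlgorithm);
    }
}
```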
Encrypting with the Public RSA Key
We have seen this code before, in the last chapter. We encrypt clear data (on Oracle) using our
server-built copy of the RSA public key. However, previously this was a public method that we were calling
directly to demonstrate RSA public key encryption. Now we are using it as a utility method to encrypt
artifacts of our secret password key to send to the client, so we've made it private. Look at the code in
Listing 6-4.
Listing 6-4. Encrypting with the RSA Public Key, getRSACryptData()
    private static final RAW getRSACryptData( String extRSAPubMod,
        String extRSAPubExp, String clearText ) throws Exception
    {
        byte[] clearBytes = clearText.getBytes();
        return getRSACryptData( extRSAPubMod, extRSAPubExp, clearBytes );
    }
 