Secret Password Encryption - Expert Oracle and Java Security

Database Reference

In-Depth Information

secret_pass_algorithm OUT RAW,

secret_pass OUT RAW,

m_err_no OUT NUMBER,

m_err_txt OUT VARCHAR2 )

IS BEGIN

m_err_no := 0;

secret_pass_salt := f_get_crypt_secret_salt ( ext_modulus, ext_exponent );

secret_pass_count := f_get_crypt_secret_count( ext_modulus, ext_exponent );

secret_pass := f_get_crypt_secret_pass( ext_modulus, ext_exponent );

secret_pass_algorithm :=

f_get_crypt_secret_algorithm( ext_modulus, ext_exponent );

EXCEPTION

WHEN OTHERS THEN

m_err_no := SQLCODE;

m_err_txt := SQLERRM;

END p_get_shared_passphrase;

Observe the list of IN and OUT parameters in the Oracle procedure, p_get_shared_passphrase , in

Listing 6-12. We provide the RSA public key modulus and exponent, then get out the artifacts of the

secret password key, and the error number and text. Each of the artifacts is acquired by a call to one of

the Oracle functions, like this:

secret_pass := f_get_crypt_secret_pass( ext_modulus, ext_exponent );

Each of the functions, like f_get_crypt_secret_pass , that are called from p_get_shared_passphrase

are Java stored procedures. We saw the code for one of those functions in Listing 6-11. All the substantial

work of the Java stored procedures is done in our Java code, OracleJavaSecure on the Oracle database

A second procedure that we will look at here is p_get_des_crypt_test_data . It is very similar to

p_get_shared_passphrase except that p_get_des_crypt_test_data has two additional parameters, one IN

and one OUT , as shown in Listing 6-13. These parameters will be used to submit clear text to Oracle

database and to return that text in encrypted form—encrypted with the secret password key.

Listing 6-13. Procedure to get Encrypted Data, p_get_des_crypt_test_data

PROCEDURE p_get_des_crypt_test_data(

ext_modulus VARCHAR2,

ext_exponent VARCHAR2,

secret_pass_salt OUT RAW,

secret_pass_count OUT RAW,

secret_pass_algorithm OUT RAW,

secret_pass OUT RAW,

m_err_no OUT NUMBER,

m_err_txt OUT VARCHAR2,

test_data VARCHAR2 ,

crypt_data OUT RAW )

IS BEGIN

m_err_no := 0;

secret_pass_salt := f_get_crypt_secret_salt( ext_modulus, ext_exponent );

secret_pass_count := f_get_crypt_secret_count( ext_modulus, ext_exponent );

secret_pass := f_get_crypt_secret_pass( ext_modulus, ext_exponent );

secret_pass_algorithm :=

f_get_crypt_secret_algorithm( ext_modulus, ext_exponent );

crypt_data := f_get_crypt_data( test_data ) ;

Expert Oracle and Java Security

Search WWH ::

Custom Search

Home