java


What is the best way to encrypt a clob?


I am using Oracle 9 and JDBC and would like to encrypt a clob as it is inserted into the DB. Ideally I'd like to be able to just insert the plaintext and have it encrypted by a stored procedure:
String SQL = "INSERT INTO table (ID, VALUE) values (?, encrypt(?))";
PreparedStatement ps = connection.prepareStatement(SQL);
ps.setInt(1, id);             // JDBC parameter indexes start at 1
ps.setString(2, plaintext);
ps.executeUpdate();
The plaintext is not expected to exceed 4000 characters but encrypting makes text longer. Our current approach to encryption uses dbms_obfuscation_toolkit.DESEncrypt() but we only process varchars. Will the following work?
FUNCTION encrypt(p_clob IN CLOB) RETURN CLOB
IS
    encrypted_string CLOB;
    v_string CLOB;
BEGIN
    dbms_lob.createtemporary(encrypted_string, TRUE);
    v_string := p_clob;
    dbms_obfuscation_toolkit.DESEncrypt(
        input_string => v_string,
        key_string => key_string,
        encrypted_string => encrypted_string );
    RETURN UTL_RAW.CAST_TO_RAW(encrypted_string);
END;
I'm confused about the temporary clob; do I need to close it? Or am I totally off-track?
Edit:
The purpose of the obfuscation is to prevent trivial access to the data. My other purpose is to obfuscate clobs in the same way that we are already obfuscating the varchar columns. The Oracle sample code does not deal with clobs, which is where my specific problem lies; encrypting varchars (smaller than 2000 chars) is straightforward.
I note you are on Oracle 9, but just for the record in Oracle 10g+ the dbms_obfuscation_toolkit was deprecated in favour of dbms_crypto.
dbms_crypto does include CLOB support:
DBMS_CRYPTO.ENCRYPT(
dst IN OUT NOCOPY BLOB,
src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL);
DBMS_CRYPTO.DECRYPT(
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN BLOB,
typ IN PLS_INTEGER,
key IN RAW,
iv IN RAW DEFAULT NULL);
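The LOB overloads quoted above, exercised in a CLOB round trip; this is an added example, not code from the answer or from Oracle's documentation. It assumes Oracle 10g or later and EXECUTE on DBMS_CRYPTO; the variable names, the randomly generated demo key and the sample text are constructed for the illustration. Note that the ciphertext is binary, so the target column has to be a BLOB, and the IV has to be stored alongside it.

```sql
DECLARE
  -- AES-256 in CBC mode with PKCS#5 padding (instead of single DES)
  c_typ CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                              + DBMS_CRYPTO.CHAIN_CBC
                              + DBMS_CRYPTO.PAD_PKCS5;
  -- Constructed demo key; a real key would be supplied from outside the schema
  v_key    RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);
  -- Fresh IV per encrypted value; not secret, but needed again for decryption
  v_iv     RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
  v_plain  CLOB;
  v_cipher BLOB;
  v_back   CLOB;
BEGIN
  -- Call-duration temporary LOBs; they are released explicitly at the end
  DBMS_LOB.CREATETEMPORARY(v_plain,  TRUE, DBMS_LOB.CALL);
  DBMS_LOB.CREATETEMPORARY(v_cipher, TRUE, DBMS_LOB.CALL);
  DBMS_LOB.CREATETEMPORARY(v_back,   TRUE, DBMS_LOB.CALL);

  -- Constructed sample input: 100 x 50 = 5000 characters, past the VARCHAR2 limit
  FOR i IN 1 .. 100 LOOP
    DBMS_LOB.WRITEAPPEND(v_plain, 50, RPAD('clob sample text ', 50, 'x'));
  END LOOP;

  -- CLOB in, BLOB out
  DBMS_CRYPTO.ENCRYPT(dst => v_cipher, src => v_plain,
                      typ => c_typ, key => v_key, iv => v_iv);
  -- BLOB in, CLOB out; same typ, key and IV
  DBMS_CRYPTO.DECRYPT(dst => v_back, src => v_cipher,
                      typ => c_typ, key => v_key, iv => v_iv);

  DBMS_OUTPUT.PUT_LINE('plain chars  : ' || DBMS_LOB.GETLENGTH(v_plain));
  DBMS_OUTPUT.PUT_LINE('cipher bytes : ' || DBMS_LOB.GETLENGTH(v_cipher));
  IF DBMS_LOB.COMPARE(v_plain, v_back) = 0 THEN
    DBMS_OUTPUT.PUT_LINE('round trip OK');
  ELSE
    DBMS_OUTPUT.PUT_LINE('round trip FAILED');
  END IF;

  DBMS_LOB.FREETEMPORARY(v_plain);
  DBMS_LOB.FREETEMPORARY(v_cipher);
  DBMS_LOB.FREETEMPORARY(v_back);
END;
/
```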
There is an example in Oracle Documentation:
http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96612/d_obtoo2.htm
You do not need to close it.
DECLARE
    input_string VARCHAR2(16) := 'tigertigertigert';
    raw_input RAW(128) := UTL_RAW.CAST_TO_RAW(input_string);
    key_string VARCHAR2(8) := 'scottsco';
    raw_key RAW(128) := UTL_RAW.CAST_TO_RAW(key_string);
    encrypted_raw RAW(2048);
    encrypted_string VARCHAR2(2048);
    decrypted_raw RAW(2048);
    decrypted_string VARCHAR2(2048);
    error_in_input_buffer_length EXCEPTION;
    PRAGMA EXCEPTION_INIT(error_in_input_buffer_length, -28232);
    INPUT_BUFFER_LENGTH_ERR_MSG VARCHAR2(100) :=
        '*** DES INPUT BUFFER NOT A MULTIPLE OF 8 BYTES - IGNORING EXCEPTION ***';
    double_encrypt_not_permitted EXCEPTION;
    PRAGMA EXCEPTION_INIT(double_encrypt_not_permitted, -28233);
    DOUBLE_ENCRYPTION_ERR_MSG VARCHAR2(100) :=
        '*** CANNOT DOUBLE ENCRYPT DATA - IGNORING EXCEPTION ***';
-- 1. Begin testing raw data encryption and decryption
BEGIN
    dbms_output.put_line('> ========= BEGIN TEST RAW DATA =========');
    dbms_output.put_line('> Raw input : ' ||
        UTL_RAW.CAST_TO_VARCHAR2(raw_input));
    BEGIN
        dbms_obfuscation_toolkit.DESEncrypt(input => raw_input,
            key => raw_key, encrypted_data => encrypted_raw );
        dbms_output.put_line('> encrypted hex value : ' ||
            rawtohex(encrypted_raw));
        dbms_obfuscation_toolkit.DESDecrypt(input => encrypted_raw,
            key => raw_key, decrypted_data => decrypted_raw);
        dbms_output.put_line('> Decrypted raw output : ' ||
            UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw));
        dbms_output.put_line('> ');
        if UTL_RAW.CAST_TO_VARCHAR2(raw_input) =
            UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw) THEN
            dbms_output.put_line('> Raw DES Encyption and Decryption successful');
        END if;
    EXCEPTION
        -- DES input must be a multiple of 8 bytes
        WHEN error_in_input_buffer_length THEN
            dbms_output.put_line('> ' || INPUT_BUFFER_LENGTH_ERR_MSG);
    END;
    dbms_output.put_line('> ');
END;
/
Slightly off-topic: What's the point of the encryption/obfuscation in the first place? An attacker having access to your database will be able to obtain the plaintext -- finding the above stored procedure will enable the attacker to perform the decryption.
