1、oracle中加密function

CREATE OR REPLACE FUNCTION ENCRYPT_FUNCTION(

V_STR VARCHAR2, V_KEY VARCHAR2) RETURN VARCHAR2 AS V_KEY_RAW RAW(24);

V_STR_RAW RAW(2000);

V_RETURN_STR VARCHAR2(2000);

V_TYPE PLS_INTEGER;

BEGIN

/*************************************************

加密函数　FUN_ENCRYPTION

入参：

V_STR 输入明文字符串

V_KEY 输入密钥字符串，长度为24字节

返回值：

V_RETURN_STR　返回密文字符串，约定返回为 16进制密文字符串

异常处理：

此函数不对任何异常做捕捉处理，请相应的程序模块对异常做捕捉处理。

加密方式：

密钥位数:AES192 DBMS_CRYPTO.ENCRYPT_AES192

连接方式:CBC DBMS_CRYPTO.CHAIN_CBC

填充方式:PKCS5 DBMS_CRYPTO.PAD_PKCS5

**************************************************/

V_KEY_RAW := UTL_I18N.STRING_TO_RAW(V_KEY, 'UTF8');

V_STR_RAW := UTL_I18N.STRING_TO_RAW(V_STR, 'UTF8');

-- 指定‘密钥算法’、‘工作模式’、‘填充方式’

V_TYPE       := DBMS_CRYPTO.ENCRYPT_DES + DBMS_CRYPTO.CHAIN_ECB +

DBMS_CRYPTO.PAD_PKCS5;

V_STR_RAW    := DBMS_CRYPTO.ENCRYPT(SRC => V_STR_RAW,

TYP => V_TYPE,

KEY => V_KEY_RAW);

V_RETURN_STR := RAWTOHEX(V_STR_RAW);

RETURN V_RETURN_STR;

/* EXCEPTION

WHEN OTHERS THEN

RETURN SQLERRM||SQLCODE ;   */

END;2、oracle中解密function

CREATE OR REPLACE FUNCTION DECRYPT_FUNCTION(V_STR VARCHAR2, V_KEY VARCHAR2)

RETURN VARCHAR2 AS

V_KEY_RAW RAW(24);

V_STR_RAW RAW(2000);

V_RETURN_STR VARCHAR2(2000);

V_TYPE PLS_INTEGER;

BEGIN

/************************************************

解密函数　FUN_DECRYPTION

入参：

V_STR 输入密文字符串,约定密文为16进制字符串

V_KEY 输入密钥字符串，长度为24字节

返回值：

V_RETURN_STR　返回明文字符串

异常处理：

此函数不对任何异常做捕捉处理，请相应的程序模块对异常做捕捉处理。

加密方式：

密钥位数:AES192 DBMS_CRYPTO.ENCRYPT_AES192

连接方式:CBC DBMS_CRYPTO.CHAIN_CBC

填充方式:PKCS5 DBMS_CRYPTO.PAD_PKCS5

***************************************************/

V_KEY_RAW := UTL_I18N.STRING_TO_RAW(V_KEY, 'UTF8');

V_STR_RAW := HEXTORAW(V_STR);

-- 指定‘密钥算法’、‘工作模式’、‘填充方式’

V_TYPE := DBMS_CRYPTO.ENCRYPT_DES + DBMS_CRYPTO.CHAIN_ECB +

DBMS_CRYPTO.PAD_PKCS5;

V_STR_RAW := DBMS_CRYPTO.DECRYPT(SRC => V_STR_RAW,

TYP => V_TYPE,

KEY => V_KEY_RAW);

V_RETURN_STR := UTL_I18N.RAW_TO_CHAR(V_STR_RAW, 'UTF8');

RETURN V_RETURN_STR;

/* EXCEPTION

WHEN OTHERS THEN

RETURN SQLERRM||SQLCODE ; */

END;

测试sql：

加密：SELECT ENCRYPT_FUNCTION('1', '1111aaaa') FROM DUAL

输出：A23A359C2B1946A6

解密：SELECT DECRYPT_FUNCTION('A23A359C2B1946A6', '1111aaaa') FROM DUAL

输出：1

在上述function定义中声明的：

V_TYPE := DBMS_CRYPTO.ENCRYPT_DES + DBMS_CRYPTO.CHAIN_ECB + DBMS_CRYPTO.PAD_PKCS5;

与java中默认的参数一直，以保证和java跨平台的加解密可以顺利执行。上述代码是针对des算法进行的，也可进行其他的配置

Oracle 加密包 DBMS_CRYPTO 中有好多不能定义参数的常量，可参考文章：http://blog.itpub.net/post/16888/215845/

Oracle DBMS_CRYPTO

Version 10.2

General Information

Source

{ORACLE_HOME}/rdbms/admin/dbmsobtk.sql

Algorithm Constants

Name

Data Type

Value

Hash Functions

HASH_MD4 (128 bit hash)

PLS_INTEGER

1

HASH_MD5 (128 bit hash)

PLS_INTEGER

2

HASH_SH1 (160 bit hash)

PLS_INTEGER

3

MAC Functions

HMAC_MD5 (128 bit hash)

PLS_INTEGER

1

HMAC_SH1 (160 bit hash)

PLS_INTEGER

2

Block Cipher Algorithms

ENCRYPT_DES (56 bit)

PLS_INTEGER

1; -- 0x0001

ENCRYPT_3DES_2KEY (128 bit)

PLS_INTEGER

2; -- 0x0002

ENCRYPT_3DES

PLS_INTEGER

3; -- 0x0003

ENCRYPT_AES128 (128 bit)

PLS_INTEGER

6; -- 0x0006

ENCRYPT_AES192 (192 bit)

PLS_INTEGER

7; -- 0x0007

ENCRYPT_AES256 (256 bit)

PLS_INTEGER

8; -- 0x0008

ENCRYPT_RC4 (Stream Cipher)

PLS_INTEGER

129; -- 0x0081

Block Cipher Chaining Modifiers

CHAIN_CBC (Cipher Block Chaining)

PLS_INTEGER

256; -- 0x0100

CHAIN_CFB (Cipher Feedback)

PLS_INTEGER

512; -- 0x0200

CHAIN_ECB (Electronic cookbook)

PLS_INTEGER

768; -- 0x0300

CHAIN_OFB (Output Feedback)

PLS_INTEGER

1024; -- 0x0400

Block Cipher Padding Modifiers

PAD_PKCS5 (Complies with PKCS #5)

PLS_INTEGER

4096; -- 0x1000

PAD_NONE (No Dadding)

PLS_INTEGER

8192; -- 0x2000

PAD_ZERO (Pad with Zeros)

PLS_INTEGER

12288; -- 0x3000

Block Ciphers Suites

DES_CBC_PKCS5

PLS_INTEGER

ENCRYPT_DES

+ CHAIN_CBC

+ PAD_PKCS5;

DES3_CBC_PKCS5

PLS_INTEGER

ENCRYPT_3DES

+ CHAIN_CBC

+ PAD_PKCS5;

Dependencies

DBMS_CRYPTO_FFI

DECRYPTBYTES

ENCRYPTBYTES

DECRYPT

ENCRYPT

UTL_RAW

Exceptions

Error Code

Reason

28827

The specified cipher suite is not defined

28829

No value has been specified for the cipher suite to be used

28233

Source data was previously encrypted

28234

DES: Specified key size too short. DES keys must be at least 8 bytes (64 bits).

AES: Specified key size is not supported. AES keys must be 128, 192, or 256 bits

28239

The encryption key has not been specified or contains a NULL value

DECRYPT

Decrypt crypt text data using stream or block cipher with user supplied key and optional iv

Overload 1

dbms_crypto.decrypt(src IN RAW, typ IN PLS_INTEGER, key IN RAW,

iv  IN RAW DEFAULT NULL) RETURN RAW;

See Encrypt Overload 1 demo

Overload 2

dbms_crypto.decrypt(dst IN OUT NOCOPY BLOB, src IN BLOB,

typ IN PLS_INTEGER, key IN RAW, iv  IN RAW DEFAULT NULL);

Overload 3

dbms_crypto.decrypt (dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,

src IN BLOB, typ IN PLS_INTEGER, key IN RAW,

iv  IN RAW DEFAULT NULL);

ENCRYPT

Encrypt plain text data using stream or block cipher with user supplied key and optional iv

Overload 1

dbms_crypto.encrypt(src IN RAW, typ IN PLS_INTEGER, key IN RAW,

iv IN RAW DEFAULT NULL) RETURN RAW;

set serveroutput on

DECLARE

l_credit_card_no VARCHAR2(19) := '1234-5678-9012-3456';

l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);

l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');

l_encrypted_raw RAW(2048);

l_decrypted_raw RAW(2048);

BEGIN

dbms_output.put_line('Original : ' || l_credit_card_no);

l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw,

dbms_crypto.des_cbc_pkcs5, l_key);

dbms_output.put_line('Encrypted : ' ||

RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));

l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw,

typ => dbms_crypto.des_cbc_pkcs5, key => l_key);

dbms_output.put_line('Decrypted : ' ||

utl_raw.cast_to_varchar2(l_decrypted_raw));

END;

/

set serveroutput on

DECLARE

enc_val   RAW(2000);

l_key     RAW(2000);

l_key_len NUMBER := 128/8; -- convert bits to bytes

l_mod     NUMBER := dbms_crypto.ENCRYPT_AES128

+ dbms_crypto.CHAIN_CBC+ dbms_crypto.PAD_PKCS5;

BEGIN

l_key := dbms_crypto.randombytes(l_key_len);

enc_val := dbms_crypto.encrypt(

utl_i18n.string_to_raw('1234-5678-9012-3456', 'AL32UTF8'),

l_mod, l_key);

dbms_output.put_line(enc_val);

END;

/

Overload 2

dbms_crypto.encrypt(dst IN OUT NOCOPY BLOB, src IN BLOB,

typ IN PLS_INTEGER, key IN RAW, iv  IN RAW DEFAULT NULL);

Overload 3

dbms_crypto.encrypt(dst IN OUT NOCOPY BLOB,

src IN CLOB CHARACTER SET ANY_CS, typ IN PLS_INTEGER, key IN RAW, iv  IN RAW DEFAULT NULL);

dbms_crypto.encrypt(UTL_RAW.CAST_TO_RAW(CONVERT('XXX','AL32UTF8')),typ,key);

HASH

Hash source data by cryptographic hash type

Overload 1

dbms_crypto.hash(src IN RAW, typ IN PLS_INTEGER) RETURN RAW;

Overload 2

dbms_crypto.hash(src IN BLOB, typ IN PLS_INTEGER) RETURN RAW;

Overload 3

dbms_crypto.hash(src IN CLOB CHARACTER SET ANY_CS,

typ IN PLS_INTEGER) RETURN RAW;

MAC

Message Authentication Code algorithms provide keyed message protection

Overload 1

dbms_crypto.mac(src IN RAW, typ IN PLS_INTEGER, key IN RAW)

RETURN RAW;

Overload 2

dbms_crypto.mac(src IN BLOB, typ IN PLS_INTEGER, key IN RAW)

RETURN RAW;

Overload 3

dbms_crypto.mac(src IN CLOB CHARACTER SET ANY_CS,

typ IN PLS_INTEGER, key IN RAW) RETURN RAW;

RANDOMBYTES

Returns a raw value containing a pseudo-random sequence of bytes

dbms_crypto.randomnytes(number_bytes PLS_INTEGER) RETURN RAW;

SELECTdbms_crypto.randombytes(1) FROM dual;

SELECT LENGTH(dbms_crypto.randombytes(1)) FROM dual;

SELECT dbms_crypto.randombytes(28) FROM dual;

SELECT LENGTH(dbms_crypto.randombytes(28)) FROM dual;

SELECT dbms_crypto.randombytes(64) FROM dual;

SELECT LENGTH(dbms_crypto.randombytes(64)) FROM dual;

RANDOMINTEGER

Returns a random BINARY_INTEGER

dbms_crypto.randominteger RETURN NUMBER;

SELECTdbms_crypto.randominteger FROM dual;

RANDOMNUMBER

Returns a random Oracle Number

dbms_crypto.randomnumber RETURN NUMBER;

SELECTdbms_crypto.randomnumber FROM dual;