DEV Community

Hassam Abdullah

An Introduction to DBMS_OBFUSCATION_TOOLKIT in Oracle PL/SQL

DBMS_OBFUSCATION_TOOLKIT is an Oracle PL/SQL package that encrypts data using the Data Encryption Standard (DES) or Triple DES algorithms. It has been widely used for data encryption for over two decades. However, DBMS_OBFUSCATION_TOOLKIT is now deprecated, and developers are encouraged to use DBMS_CRYPTO as a more modern and robust alternative. DBMS_CRYPTO supports a wider range of algorithms and is easier to use. For more information on DBMS_CRYPTO, refer to Chapter 39 of the Oracle documentation.

Overview of DES and Triple DES

DES, also known as the Data Encryption Algorithm (DEA), has been a global encryption standard for several years. It is a symmetric key cipher, which means the same key is used for both encryption and decryption. DES encrypts data in 64-bit blocks using a 56-bit key. However, you must provide a 64-bit key to the algorithm, of which only 56 bits are used.

Triple DES (3DES) is a more robust and secure cipher than DES. It requires a 128-bit key for 2-key mode or a 192-bit key for 3-key mode. 3DES encrypts data using the DES algorithm multiple times, making it significantly harder to break using brute force methods.

Security Model and Operational Notes

DBMS_OBFUSCATION_TOOLKIT is installed in the SYS schema by default. You can grant access to the package to existing users and roles as needed, but access is also granted to the PUBLIC role, so explicit grants are not necessary.

Key Management

Key management is crucial for encryption, as poorly chosen or stored keys can compromise the security of encrypted data. When using DBMS_OBFUSCATION_TOOLKIT, you have several options for key management:

  1. Store the key in the database: Storing the key in the database provides some level of security against unauthorized access, but it may not protect against privileged users who can read the stored keys.

  2. Store the key in the operating system: Storing keys in the operating system can be an option, but it depends on the security measures in place for protecting the key file.

  3. User-supplied keys: If you ask users to supply the key, ensure that network encryption is used to prevent the key from being passed in clear text.

Summary of DBMS_OBFUSCATION_TOOLKIT Subprograms

DBMS_OBFUSCATION_TOOLKIT provides several subprograms for encryption and decryption operations. Let's take a closer look at some of the essential subprograms:

  1. DES3DECRYPT Procedures and Functions: Generates the decrypted form of the input data using Triple DES encryption.

  2. DES3ENCRYPT Procedures and Functions: Generates the encrypted form of the input data using Triple DES encryption.

  3. DES3GETKEY Procedures and Functions: Takes a random value and uses it to generate a Triple DES encryption key.

  4. DESDECRYPT Procedures and Functions: Generates the decrypted form of the input data using DES encryption.

  5. DESENCRYPT Procedures and Functions: Generates the encrypted form of the input data using DES encryption.

  6. DESGETKEY Procedures and Functions: Takes a random value and uses it to generate a DES encryption key.

  7. MD5 Procedures and Functions: Generates MD5 hashes of data for data integrity verification.
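
As an added example (not code from the original post), the anonymous block below runs the same round trip twice: once through the deprecated DES3ENCRYPT and DES3DECRYPT procedures listed above, and once through DBMS_CRYPTO. It assumes the caller has EXECUTE on DBMS_CRYPTO; the sample string, the variable names, the choice of AES-256 with CBC chaining and PKCS#5 padding, and the use of DBMS_CRYPTO.RANDOMBYTES for both keys (instead of DES3GETKEY) are assumptions made for the illustration.

```plsql
DECLARE
  -- Constructed sample value: 16 bytes, because the toolkit's DES3 routines
  -- do no padding and reject input that is not a multiple of 8 bytes.
  l_plain   RAW(64) := UTL_I18N.STRING_TO_RAW('ACCT-0000-SAMPLE', 'AL32UTF8');

  -- Deprecated path: 128-bit key, i.e. Triple DES two-key mode (the default).
  l_key_old RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
  l_enc_old RAW(64);
  l_dec_old RAW(64);

  -- Replacement path (assumed choice): AES-256, CBC chaining, PKCS#5 padding.
  l_typ     PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                         + DBMS_CRYPTO.CHAIN_CBC
                         + DBMS_CRYPTO.PAD_PKCS5;
  l_key_new RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);  -- 256-bit key
  l_iv      RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);  -- fresh IV for each value
  l_enc_new RAW(128);
  l_dec_new RAW(128);
BEGIN
  -- Named notation selects the RAW overloads of the toolkit procedures.
  DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt(
    input => l_plain, key => l_key_old, encrypted_data => l_enc_old);
  DBMS_OBFUSCATION_TOOLKIT.DES3Decrypt(
    input => l_enc_old, key => l_key_old, decrypted_data => l_dec_old);

  -- DBMS_CRYPTO pads the input itself, so any length is accepted.
  l_enc_new := DBMS_CRYPTO.ENCRYPT(
    src => l_plain, typ => l_typ, key => l_key_new, iv => l_iv);
  l_dec_new := DBMS_CRYPTO.DECRYPT(
    src => l_enc_new, typ => l_typ, key => l_key_new, iv => l_iv);

  -- Fail loudly if either path does not return the original bytes.
  IF l_dec_old <> l_plain OR l_dec_new <> l_plain THEN
    RAISE_APPLICATION_ERROR(-20001, 'round trip failed');
  END IF;

  DBMS_OUTPUT.PUT_LINE('3DES two-key ciphertext bytes: '
                       || UTL_RAW.LENGTH(l_enc_old));
  DBMS_OUTPUT.PUT_LINE('AES-256 CBC ciphertext bytes:  '
                       || UTL_RAW.LENGTH(l_enc_new));
END;
/
```

Outside a demonstration, the keys come from whichever of the key management options above is in use rather than being generated inline, and the IV is stored with each ciphertext so it can be decrypted later.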

Conclusion

DBMS_OBFUSCATION_TOOLKIT has been a widely used tool for data encryption in Oracle PL/SQL applications. However, it is now deprecated, and developers are encouraged to switch to the more advanced and flexible DBMS_CRYPTO package. When implementing data encryption, remember to carefully manage encryption keys to ensure the security and integrity of your encrypted data.