I'm new to encryption and am trying to figure out if the Linux gpg command and Oracle's dbms_crypto package can work together. Oracle version is 11R2. I'll be receiving files encrypted by a different system and would like to decrypt them via PL/SQL if possible. I'm running through the thread below as a POC to see if this is possible.
At the Linux prompt I created a key with this command:
gpg --gen-key
Created a public key with this command (using an actual email addr):
gpg --armor --export [email protected] > mypublickey
And encrypted my file like this:
gpg -r [email protected] --output input.txt.encrypted --encrypt input.txt
amongst the stdout was this message:
gpg: encrypted with 2048-bit RSA key
So now I have an encrypted file.
Using blobs/clobs I loaded my encrypted file and my pub key into an Oracle table. I'm attempting to use the dbms_crypto.decrypt function to decrypt the file:
select dbms_crypto.decrypt(
encrypted_file,
?,
utl_raw.cast_to_raw('public_key'),
null)
from crypto_test_lobs
At this point I'm unsure what values to pass for the 2nd argument which is the "Stream or block cipher type and modifiers to be used". I've tried several different combinations which result in a variety of exceptions that are probably not worth posting.
So my questions are:
- Is this possible?
- How do I figure out that 2nd argument?
Thanks
How do I figure out that 2nd argument?The second argument is an integer which defines the algorithm to use. See also http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_crypto.htm. Within PL/SQL, you can use constants from the DBMS_CRYPTO package to set these values, for example to use AES-256 with CBC and PKCS5-padding, use something like
Outside PL/SQL, you need to know the actual numbers which the constants define. See http://www.remote-dba.net/t_advanced_dbms_crypto.htm for a corresponding list. To define the same algorithm as above, you would use 8 + 256 + 4096.