在网上查了很多,做了很小的改动
在方法中定义密钥
CREATE OR REPLACE PACKAGE PG_ENCRYPT_DECRYPT IS IKEY VARCHAR2(8) := 'oracle9i'; FUNCTION GEN_RAW_KEY(IKEY IN VARCHAR2) RETURN RAW; FUNCTION DECRYPT_3KEY_MODE(IVALUE IN RAW, IMODE IN PLS_INTEGER) RETURN VARCHAR2; FUNCTION ENCRYPT_3KEY_MODE(IVALUE IN VARCHAR2, IMODE IN PLS_INTEGER) RETURN RAW; END; / create or replace package body pg_encrypt_decrypt is --创建密钥 function gen_raw_key(ikey in varchar2) return raw as rawkey raw(720):=''; begin for i in 1..length(ikey) loop rawkey:=rawkey||hextoraw(to_char(ascii(substr(ikey,i,1)))); end loop; return rawkey; end; --解密函数 function decrypt_3key_mode(ivalue in raw,imode in pls_integer) return varchar2 as vdecrypted varchar2(4000); rawkey raw(720):=''; begin rawkey:=gen_raw_key(ikey); vdecrypted:=dbms_obfuscation_toolkit.des3decrypt( utl_raw.cast_to_varchar2(ivalue),key_string=>rawkey,which=>imode); return trim(vdecrypted);--注意,去除多余的空格 end; --加密函数 function encrypt_3key_mode(ivalue in varchar2,imode in pls_integer) return raw is vencrypted varchar2(4000); vencryptedraw raw(2048); rawkey raw(720):=''; vTmp Varchar2(24):=rpad(ivalue,24,' ');--注意由于对输入有8的倍数的要求,所以不足位者补空格 begin rawkey:=gen_raw_key(ikey); vencrypted:=dbms_obfuscation_toolkit.des3encrypt(vTmp,key_string=>rawkey,which=>imode); vencryptedraw:=utl_raw.cast_to_raw(vencrypted); return vencryptedraw; end; end; /
网上说了在包中定义密钥,并对包加密,但是发现加密包后仍可看到密钥,不知道是不是自己没写对,所以绕了个路在程序中定义密钥然后传递到sql来实现对密钥的加密,并且可根据传递的密钥是否为空来决定是否执行加密解密。问题:发现对非DES加密后的字符串进行解密会触发异常,后来通过捕获异常来判断是否为加密后的字符串,如果不是加密后的字符串则返回原值来解决表中包含加密和非加密数据的问题,但是这个捕获异常的代码找不到了,改天有时间补上。
传递密钥判断是否加密
CREATE OR REPLACE PACKAGE PG_ENCRYPT_DECRYPT IS FUNCTION GEN_RAW_KEY(IKEY IN VARCHAR2) RETURN RAW; FUNCTION DECRYPT_3KEY_MODE(IVALUE IN VARCHAR2, IMODE IN PLS_INTEGER,IKEY IN VARCHAR2) RETURN STRING; FUNCTION ENCRYPT_3KEY_MODE(IVALUE IN VARCHAR2, IMODE IN PLS_INTEGER,IKEY IN VARCHAR2) RETURN STRING; END; / create or replace package body pg_encrypt_decrypt is --创建密钥 function gen_raw_key(ikey in varchar2) return RAW as rawkey raw(720):=''; begin for i in 1..length(ikey) loop rawkey:=rawkey||hextoraw(to_char(ascii(substr(ikey,i,1)))); end loop; return rawkey; end; --解密函数 function decrypt_3key_mode(ivalue in VARCHAR2,imode in pls_integer,IKEY IN VARCHAR2) return STRING as vdecrypted varchar2(4000); rawkey raw(720):=''; BEGIN if IKEY IS NULL THEN return ivalue; ELSE rawkey:=gen_raw_key(ikey); vdecrypted:=dbms_obfuscation_toolkit.des3decrypt( utl_raw.cast_to_varchar2(ivalue),key_string=>rawkey,which=>imode); return trim(vdecrypted);--注意,去除多余的空格 END IF; end; --加密函数 function encrypt_3key_mode(ivalue IN varchar2,imode in pls_integer,IKEY IN VARCHAR2) return STRING is vencrypted varchar2(4000); vencryptedraw raw(2048); rawkey raw(720):=''; BEGIN if IKEY IS NULL THEN return ivalue; ELSE rawkey:=gen_raw_key(ikey); vencrypted:=dbms_obfuscation_toolkit.des3encrypt(rpad(ivalue,24,' '),key_string=>rawkey,which=>imode); vencryptedraw:=utl_raw.cast_to_raw(vencrypted); return vencryptedraw; END IF; end; end;
在sql中应用
create table users(userid varchar2(50) primary key,password varchar2(64),encrypted varchar2(64)); --创建表 INSERT INTO users VALUES ('user3','3',PG_ENCRYPT_DECRYPT.ENCRYPT_3KEY_MODE('3',1)) --插入数据(用户名,密码,加密后的密码) select userid,password,PG_ENCRYPT_DECRYPT.DECRYPT_3KEY_MODE(encrypted,1) DECRYPTED from users; --解密加密后的数据
