Simple Oracle Plsql Package for password encryption and decryption

Introduction:

The script provided demonstrates how to create a simple password encryption and decryption package in Oracle using the DBMS_OBFUSCATION_TOOLKIT. Below is a step-by-step breakdown of each part of the code:

1. Setting Up the Environment:

Before running the package, it is recommended to connect to the database as SYSDBA and run the script ?/rdbms/admin/catobtk.sql. This script installs the DBMS_OBFUSCATION_TOOLKIT package necessary for encryption and decryption functionalities.

2. Creating the Table USERS_INFO:

The table USERS_INFO is created to store usernames and encrypted passwords.

CREATE TABLE USERS_INFO

(

  USERNAME VARCHAR2(20 BYTE),

  PASS VARCHAR2(20 BYTE)

);

3. Creating the Package Specification PASSWORD:

The package specification defines two functions: encrypt and decrypt. These functions will handle the encryption and decryption of passwords.

CREATE OR REPLACE PACKAGE PASSWORD AS
   function encrypt(i_password varchar2) return varchar2;
   function decrypt(i_password varchar2) return varchar2;
END PASSWORD;
/
show errors

4. Creating the Package Body PASSWORD:

The package body implements the actual logic for the encrypt and decrypt functions using Oracle's DBMS_OBFUSCATION_TOOLKIT.

Key Points:

• The encryption key (c_encrypt_key) must be exactly 8 bytes long.
• Input data for encryption must have a length divisible by eight, achieved using RPAD to pad the input string.

CREATE OR REPLACE PACKAGE BODY PASSWORD AS

  -- Key for encryption and decryption

  c_encrypt_key VARCHAR2(8) := 'key45678';

  -- Encrypt function

  FUNCTION encrypt (i_password VARCHAR2) RETURN VARCHAR2 IS

    v_encrypted_val VARCHAR2(38);

    v_data          VARCHAR2(38);

  BEGIN

     -- Pad the input data to a length divisible by eight

     v_data := RPAD(i_password, (TRUNC(LENGTH(i_password)/8) + 1) * 8, CHR(0));

     -- Encrypt the data

     DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT(

        input_string     => v_data,

        key_string       => c_encrypt_key,

        encrypted_string => v_encrypted_val);

     RETURN v_encrypted_val;

  END encrypt;

  -- Decrypt function

  FUNCTION decrypt (i_password VARCHAR2) RETURN VARCHAR2 IS

    v_decrypted_val VARCHAR2(38);

  BEGIN

     -- Decrypt the data

     DBMS_OBFUSCATION_TOOLKIT.DESDECRYPT(

        input_string     => i_password,

        key_string       => c_encrypt_key,

        decrypted_string => v_decrypted_val);

     RETURN v_decrypted_val;

  END decrypt;

END PASSWORD;

/

SHOW ERRORS;

5. Testing the Encryption and Decryption:

The following SQL statements test the encryption and decryption functions:

select password.encrypt('PASSWORD1') from dual;
select password.decrypt(app_password.encrypt('PASSWORD1')) from dual;
select password.encrypt('PSW2') from dual;
select password.decrypt(app_password.encrypt('PSW2')) from dual;

6. Inserting and Retrieving Encrypted Data:

The script demonstrates inserting an encrypted password into the USERS_INFO table and then retrieving and decrypting it.

--- Insert encrypted Password ---

insert into USERS_INFO values ('redddy',( select password.encrypt('REDDY1') from dual) );
select password.decrypt((pass)) from USERS_INFO where USERNAME='redddy';

Important Notes:

• Security Considerations: The DBMS_OBFUSCATION_TOOLKIT uses DES encryption, which is considered outdated and insecure by modern standards. It’s recommended to use DBMS_CRYPTO for more robust encryption methods, such as AES.
• Error Handling: The script should include error handling to manage issues that may arise during encryption or decryption processes.
• Testing and Validation: Always test encryption and decryption thoroughly, especially when dealing with sensitive data like passwords, to ensure the correct implementation.

This setup demonstrates basic encryption and decryption using Oracle's built-in toolkit, providing a foundation for enhancing database security.