Results 1 to 7 of 7
  1. #1
    Join Date
    Feb 2004
    Posts
    5

    Unanswered: using DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT

    Hello,
    I am very very new to Stored Procedures and need to encrypt and dencrypt a Password using DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT.

    I keep getting an ORA Error 28232: invalid input length for obfuscation when run and can't figure out why?

    Here is my snippet...

    ...
    (Package)
    v_key varchar2(8) := '12345678' ;
    v_decrypted_string varchar2(32);

    (Package body)
    v_data varchar2(32);
    v_Key_check_flag number;
    v_encrypted_string varchar2(32);

    ...

    v_key_check_flag := mod(length(v_key),8);

    if v_key_check_flag != 0 then
    Raise_application_error(-20199,'KeyBad...');
    end if;

    DBMS_OBFUSCATION_TOOLKIT.DESDECRYPT
    (input_string => cur_users_rec.password,
    key_string => v_key,
    decrypted_string => v_decrypted_string);

    ...

    Any help would be appricated !!
    -BT

  2. #2
    Join Date
    Feb 2004
    Location
    Espaa
    Posts
    13

    Re: using DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT

    Hello

    Which one is your db server?

    The key that you include in the call to the package depends the database server.

  3. #3
    Join Date
    Feb 2004
    Posts
    5
    Forgive me for not understanding the question, but I'm not sure what you mean ?!

    Actually, I "played" some more and I think am a step farther...

    The Test User accounts were setup with Passwords of "FAKEPW". Once they were changed to a 8 character password "12345678" the Update works, but ignores the verification on the password matchup. (before the update can occur, the typed in "old Password" must match the Stored PW (which is decrypted)).

    The change occurs everytime reguardless of the verification (I did a raised error and it verifies that the PW's are different too).

    When the DB/Stored PW is decrypted, it is in a 9 number format, which is different then what was typed in ?! Why?!

  4. #4
    Join Date
    Feb 2004
    Location
    Espaa
    Posts
    13
    Have you seen the error in ORA Errors Document?

    It explain something about your problem.


    I had a similar problems a month ago.

    The problems appeared when we wanted to migrate a application from a AIX Server to SUN Server.

    I before wanted to tell you that the parameter to call the package depends the DB Server.

    I wait that this answer helps to you

    If you don't have the ORA errors documents tell me it and I'll write you the explanation associate to the error

    Bye

  5. #5
    Join Date
    Feb 2004
    Posts
    5
    David,

    Thanks for your reply.

    Actually no, I don't have that ORA Error Doc, but wouldn't mind having it ?!

    You can email it to:
    Bthomas71chevy_@_Excite.com

    Any ideas on why the Password isn't Decrypting correctly?!

    Example:
    - USer Puts in "ABBY" as their Password.
    - SP Encrypts the PAssword with a Key "12345678" and stores it to the table as "&%&%&%".
    - The User comes back in and does another SP in which the PAssword is Decrypted with the same key and the returned result is "256587418", when it should come back as "ABBY"

    Ideas Why ?! or how to get the "Real" Password or do I need to take the "new pw", encrypt it and then decrypt it and then do the compare ?!

    Thanks
    -BT

  6. #6
    Join Date
    Feb 2004
    Location
    Espaa
    Posts
    13
    Hello

    The documents is very large for mailing to you.

    You can find it in Internet easily

    The error in the document say:
    FRM - 28231 Invalid input size for Obfusction toolkit

    Input to DES encryption/decryption routine not a multiple of 8 bytes

    Action : make Sure that the input corresponding to the PL/SQL function is a multiple of 8 bytes.

    I wait that this helps you.

  7. #7
    Join Date
    Feb 2004
    Posts
    5
    Again, Thanks.

    As a follow up to previous postings, I have changed the way the process is going to work (as someone told me that the DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT is a one way deal and once it is encrypted, it can't be brought back to "real words".

    So, I have decided to leave the Encrypted PW from the DB and Encrypt the Newly Entered PW and when they match, then the update will fire.
    (Example: instead of "abby" = "abby", it will now be when "tue-=" = "tue-=")

    The piece of code that is suppose to handle this is, but isn't is...
    if rtrim(ltrim(v_encrypted_string)) = rtrim(ltrim(cur_users_rec.password)) then
    ...update tables...
    else
    p_error_msg := 'Invalid Userid/Password .. ' ;
    p_error_id := 3 ;
    Raise_application_error(-20199,'MISMATCH !!!! ---->*** ENTERED PW='||v_encrypted_string||' *** DB PW = '||cur_users_rec.password);
    raise pkg_errors;
    end if;

    When the Raise Error Appears, they do match, but the IF Statement doesn't catch it ?!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •