Chapter 6 Oracle Encryption

The other component we will have to worry about is the actual key that is used to encrypt and decrypt. The key must be such that it is not easily guessed, and since no one is expected to remember it, it may not be a string of human comprehensible characters.  It can be just any arbitrary string of characters. The best option to generate a key is using the new code segment DES3GetKey in the package dbms_obfuscation_toolkit. As in all other codes in this package, the DES3GetKey code is also implemented as both a procedure and a function and overloaded with both VARCHAR2 and RAW datatypes. Here is the explanation of the parameters to the procedure version in the RAW format.

In the procedure version of the VARCHAR2 format, the parameters are the same, except seed is renamed to seed_string. Of course, the datatypes change from RAW to VARCHAR2.

Here is an example of how the procedure is used:

    v_key_raw  raw (2000);
    v_key      varchar2 (2000);
    v_seed     varchar2 (2000) := 'Seed';
    v_seed_raw raw (2000);
    v_seed := rpad(v_seed, 80);
    v_seed_raw := utl_raw.cast_to_raw (v_seed);
        which=> 1,
        seed => v_seed_raw,
        key  => v_key_raw

Oracle Privacy Security Auditing

