Is there a minimum/max length for the initialization vector when using the DBMS_CRYPTO.ENCRYPT proc? I get the error below:
ORA-28817: PL/SQL function returned an error.
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 3
ORA-06512: at "SYS.DBMS_CRYPTO", line 13
ORA-06512: at "Test_Encryption", line 14
ORA-06512: at line 3
The code generating this error is as follows:
raw_encrypted_token := DBMS_CRYPTO.ENCRYPT( src => UTL_I18N.STRING_TO_RAW( input_token, 'AL32UTF8' ),
typ => encryption_type,
key => key_raw_form,
iv => hextoraw('0123456789ABCDEF') );
When I change the key from 16 to 32 bytes I have no issues. However, I am experimenting with decoding in Java using the Cipher object, and the initialization vector can only be 16 bytes long. Any suggestions as to how I can solve the initialization vector issue in the PL/SQL?
1 solution
#1
3
For most block cipher modes of operation the initialization vector should have the same length as the block size. For AES, this is 128 bit = 16 bytes.
Your code
hextoraw('0123456789ABCDEF')
actually produces a 16·4=64-bit value, since each hexadecimal digit corresponds to 4 bits, not to an 8-bit byte. So a 32 hex-digit string is the right length for a 128-bit initialization vector.
On another note, you should not use a hard-coded initialization vector if you use the same key for each record. For security purposes, each record should be encrypted with its own initialization vector - preferably a random one, though depending on the mode of operation (i.e. CTR), a unique one could be enough (if you let some space between consecutive ones).
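An added example, not part of the original question or answer: a PL/SQL block that draws a fresh 16-byte IV per record with DBMS_CRYPTO.RANDOMBYTES, stores it in front of the ciphertext, and splits it off again on decryption. The AES-128/CBC/PKCS5 mode, the demo key, the sample token and the names encrypt_token and decrypt_token are assumptions made for illustration.

```plsql
DECLARE
  -- Assumed mode for this example: AES-128, CBC chaining, PKCS#5 padding.
  c_typ      CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES128
                                   + DBMS_CRYPTO.CHAIN_CBC
                                   + DBMS_CRYPTO.PAD_PKCS5;
  c_iv_bytes CONSTANT PLS_INTEGER := 16;  -- AES block size: 128 bits
  -- Constructed demo key; a real key would come from a key store.
  l_key      RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
  l_stored   RAW(2000);

  -- Hypothetical helper: returns IV || ciphertext as one RAW value.
  FUNCTION encrypt_token(p_token IN VARCHAR2, p_key IN RAW) RETURN RAW IS
    l_iv RAW(16) := DBMS_CRYPTO.RANDOMBYTES(c_iv_bytes);  -- new IV per record
  BEGIN
    RETURN UTL_RAW.CONCAT(l_iv,
      DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(p_token, 'AL32UTF8'),
                          typ => c_typ, key => p_key, iv => l_iv));
  END;

  -- Hypothetical helper: splits the leading IV off and decrypts the rest.
  FUNCTION decrypt_token(p_stored IN RAW, p_key IN RAW) RETURN VARCHAR2 IS
  BEGIN
    -- A valid value holds the IV plus at least one padded cipher block.
    IF UTL_RAW.LENGTH(p_stored) < 2 * c_iv_bytes THEN
      RAISE_APPLICATION_ERROR(-20001, 'stored value too short for IV + block');
    END IF;
    RETURN UTL_I18N.RAW_TO_CHAR(
      DBMS_CRYPTO.DECRYPT(src => UTL_RAW.SUBSTR(p_stored, c_iv_bytes + 1),
                          typ => c_typ, key => p_key,
                          iv  => UTL_RAW.SUBSTR(p_stored, 1, c_iv_bytes)),
      'AL32UTF8');
  END;
BEGIN
  -- Byte length of the IV from the question (16 hex digits) and of a
  -- constructed 32-hex-digit value, to show which one fills an AES block.
  DBMS_OUTPUT.PUT_LINE('question IV bytes: '
    || UTL_RAW.LENGTH(HEXTORAW('0123456789ABCDEF')));
  DBMS_OUTPUT.PUT_LINE('32-digit IV bytes: '
    || UTL_RAW.LENGTH(HEXTORAW('0123456789ABCDEF0123456789ABCDEF')));

  -- Constructed sample token; two encryptions of it give different output.
  l_stored := encrypt_token('sample-token', l_key);
  DBMS_OUTPUT.PUT_LINE('stored:    ' || RAWTOHEX(l_stored));
  DBMS_OUTPUT.PUT_LINE('decrypted: ' || decrypt_token(l_stored, l_key));
END;
/
```

A Java consumer can follow the same layout by treating the first 16 bytes of the stored value as the IV and the remainder as the ciphertext.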