Oracle Cryptographic Toolkit Programmer's Guide Release 2.0.3 A54082-01
This chapter describes the PL/SQL interface to the Oracle Cryptographic Toolkit. The PL/SQL procedures and functions are grouped into the following five functional categories:
Section 7.1, "General Purpose Procedures"
Section 7.2, "Digital Signature"
Section 7.3, "Data Encryption"
Section 7.5, "Random Number Generation"
Each PL/SQL function description contains the following information:
Purpose | Describes what the procedure or function does |
Parameter Descriptions | Lists a detailed description of each parameter name along with its mode and type |
The following functions and procedures are available to applications. They are contained within the DBMS_CRYPTO_TOOLKIT package. Consult the file DBMS_OCTK.SQL for a full listing of functions and procedures.
Initialize starts the Oracle Cryptographic Toolkit operation. No additional parameters are required.
Terminate ends the Oracle Cryptographic Toolkit operation. No additional parameters are required.
OpenWallet opens a wallet based on a given wallet resource locator (WRL). There are two versions of this procedure: one enables an application to use its own data structure for the wallet, and the other lets the application use the wallet data structure that comes with the Oracle Cryptographic Toolkit.
Parameter Name | Mode | Type |
---|---|---|
password | IN | VARCHAR2 |
wallet | IN OUT | Wallet |
persona_list | OUT | Persona_List |
wallet_resource_locator | IN | VARCHAR2 |
The following functions and procedures are used by applications which want to use the wallet kept by the Oracle Cryptographic Toolkit.
OpenWallet opens a wallet based on a given wallet resource locator (optional). There are two versions of this procedure. This version opens the wallet that is kept internally by the package.
Parameter Name | Mode | Type |
---|---|---|
password | IN | VARCHAR2 |
persona_list | OUT | Persona_List |
wallet_resource_locator | IN | VARCHAR2 |
CloseWallet closes a wallet. This version uses the wallet that is kept internally by the package. No parameters are needed for the function.
DestroyWallet deletes a wallet based on a given wallet resource locator. The wallet resource locator is optional.
Parameter Name | Mode | Type |
---|---|---|
password | IN | VARCHAR2 |
wallet_resource_locator | IN | VARCHAR2 |
StorePersona stores a given persona in the specified wallet.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
OpenPersona opens a persona within a wallet.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
ClosePersona closes a persona within a wallet.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
RemovePersona removes a persona from a wallet.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
CreatePersona creates a persona.
Parameter Name | Mode | Type |
---|---|---|
cipher_type | IN | Cipher |
private_information | IN OUT | Private_Persona_Information |
prl | IN OUT | VARCHAR2 |
alias | IN | VARCHAR2 |
longer_description | IN | VARCHAR2 |
persona | OUT | Persona |
RemoveIdentity destroys an identity.
Parameter Name | Mode | Type |
---|---|---|
identity | OUT | Identity |
CreateIdentity creates an identity.
Parameter Name | Mode | Type |
---|---|---|
identitytype | IN | Identity_Type |
public_identity | IN | VARCHAR2 |
alias | IN | VARCHAR2 |
longer_description | IN | VARCHAR2 |
trust_qualifier | IN | VARCHAR2 |
identity | OUT | Identity |
AbortIdentity aborts an identity.
Parameter Name | Mode | Type |
---|---|---|
identity | IN OUT | Identity |
persona | IN | |
StoreTrustedIdentity stores an identity as a trustpoint within a wallet.
Parameter Name | Mode | Type |
---|---|---|
identity | IN OUT | Identity |
Validate uses the trusted identities associated with a persona to validate an identity.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
identity | IN | Identity |
validated | OUT | BOOLEAN |
Use the following routines to create and verify digital signatures. There are two versions of each routine: one for raw data and another for strings. The routines are as follows:
Section 7.2.4, "VerifyDetached"
The Sign routine creates an attached signature.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input | IN | RAW |
signature | OUT | RAW |
signature_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input_string | IN | VARCHAR2 |
signature | OUT | RAW |
signature_state | IN | Crypto_Engine_State |
The Verify routine verifies an attached signature.
Following is a list of parameters, their descriptions, modes, and types.
The SignDetached routine generates a detached signature.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input | IN | RAW |
signature | OUT | RAW |
signature_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input_string | IN | VARCHAR2 |
signature | OUT | RAW |
signature_state | IN | Crypto_Engine_State |
The VerifyDetached routine verifies a detached signature.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
data | IN | RAW |
signature | IN | RAW |
verified | OUT | BOOLEAN |
validated | OUT | BOOLEAN |
signing_party_identity | OUT | Identity |
signature_state | IN | Crypto_Engine_State |
Use the following routines to encrypt and decrypt data. There are two versions of each routine: one for raw data and another for strings. The routines are as follows:
Section 7.3.1, "PKEncrypt" (for one recipient)
Section 7.3.2, "PKEncrypt" (for multiple recipients)
Section 7.3.6, "Envelope" (for one recipient)
Section 7.3.7, "Envelope" (for multiple recipients)
The following routine performs public key encryption of data for one recipient.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
recipient | IN | Identity |
input | IN | RAW |
encrypted_data | OUT | RAW |
encryption_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
recipient | IN | Identity |
input_string | IN | VARCHAR2 |
encrypted_string | OUT | VARCHAR2 |
encryption_state | IN | Crypto_Engine_State |
The following routine performs public key encryption of data for multiple recipients.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
number_of_recipients | IN | POSITIVE |
recipient_list | IN | Identity_Array |
input | IN | RAW |
encrypted_data | OUT | RAW |
encryption_state | IN | Crypto_Engine_State |
The following routine performs public key decryption of data.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input | IN | RAW |
decrypted_data | OUT | RAW |
decryption_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input_string | IN | VARCHAR2 |
decrypted_string | OUT | VARCHAR2 |
decryption_state | IN | Crypto_Engine_State |
The following routine encrypts data for multiple recipients.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input | IN | RAW |
encrypted_data | OUT | RAW |
encryption_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input_string | IN | VARCHAR2 |
encrypted_string | OUT | VARCHAR2 |
encryption_state | IN | Crypto_Engine_State |
The following routine decrypts data for recipients.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
encrypted_data | IN | RAW |
decrypted_data | OUT | RAW |
decryption_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
encrypted_string | IN | VARCHAR2 |
decrypted_string | OUT | VARCHAR2 |
decryption_state | IN | Crypto_Engine_State |
The following Envelope routine envelops data for one recipient.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
recipient | IN | Identity |
input | IN | RAW |
enveloped_data | OUT | RAW |
encryption_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
recipient | IN | Identity |
input_string | IN | VARCHAR2 |
enveloped_string | OUT | VARCHAR2 |
encryption_state | IN | Crypto_Engine_State |
The following Envelope routine envelops data for multiple recipients.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
number_of_recipients | IN | POSITIVE |
recipient_list | IN | Identity_Array |
input | IN | RAW |
enveloped_data | OUT | RAW |
encryption_state | IN | Crypto_Engine_State |
The following DeEnvelope routine unwraps and decrypts data.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
enveloped_data | IN | RAW |
output_data | OUT | RAW |
verified | OUT | BOOLEAN |
validated | OUT | BOOLEAN |
sender_identity | OUT | Identity |
decryption_state | IN | Crypto_Engine_State |
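VerifyDetached and DeEnvelope each return two BOOLEAN OUT flags, verified and validated. The following added example (not part of the Oracle guide) shows callers that accept data only when both flags are TRUE. Assumptions: the types in the parameter tables are referenced as DBMS_CRYPTO_TOOLKIT.<Type>, the persona has already been opened with OpenPersona, the Crypto_Engine_State value is supplied by the caller, and the names detached_sig_ok and open_envelope_checked are hypothetical.

```plsql
-- Added example, not Oracle's code. Assumption: the types in the parameter
-- tables are referenced as DBMS_CRYPTO_TOOLKIT.<Type>.
CREATE OR REPLACE FUNCTION detached_sig_ok (
  p_persona   IN DBMS_CRYPTO_TOOLKIT.Persona,  -- already opened with OpenPersona
  p_data      IN RAW,
  p_signature IN RAW,
  p_state     IN DBMS_CRYPTO_TOOLKIT.Crypto_Engine_State  -- chosen by the caller
) RETURN BOOLEAN IS
  l_verified  BOOLEAN;
  l_validated BOOLEAN;
  l_signer    DBMS_CRYPTO_TOOLKIT.Identity;
BEGIN
  DBMS_CRYPTO_TOOLKIT.VerifyDetached(
    persona => p_persona, data => p_data, signature => p_signature,
    verified => l_verified, validated => l_validated,
    signing_party_identity => l_signer, signature_state => p_state);
  -- IF treats NULL as not TRUE, so an unset flag also rejects.
  IF l_verified AND l_validated THEN
    RETURN TRUE;
  END IF;
  RETURN FALSE;
END detached_sig_ok;
/

CREATE OR REPLACE PROCEDURE open_envelope_checked (
  p_persona   IN  DBMS_CRYPTO_TOOLKIT.Persona,
  p_enveloped IN  RAW,
  p_state     IN  DBMS_CRYPTO_TOOLKIT.Crypto_Engine_State,
  p_plain     OUT RAW,
  p_sender    OUT DBMS_CRYPTO_TOOLKIT.Identity
) IS
  l_output    RAW(32767);
  l_verified  BOOLEAN;
  l_validated BOOLEAN;
  l_sender    DBMS_CRYPTO_TOOLKIT.Identity;
BEGIN
  DBMS_CRYPTO_TOOLKIT.DeEnvelope(
    persona => p_persona, enveloped_data => p_enveloped,
    output_data => l_output, verified => l_verified, validated => l_validated,
    sender_identity => l_sender, decryption_state => p_state);
  IF l_verified AND l_validated THEN
    p_plain  := l_output;   -- released only after both checks pass
    p_sender := l_sender;
  ELSE
    RAISE_APPLICATION_ERROR(-20001, 'envelope rejected: verified and validated not both TRUE');
  END IF;
END open_envelope_checked;
/
```

Errors raised by the toolkit propagate to the caller unchanged, so a failed call never results in accepted data.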
Use the following routines to generate checksums. There are two versions of each routine: one for raw data and another for strings. The routines are as follows:
The following KeyedHash routine generates a public key checksum.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input | IN | RAW |
keyed_hash | OUT | RAW |
hash_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input_string | IN | VARCHAR2 |
keyed_hash | OUT | RAW |
hash_state | IN | Crypto_Engine_State |
The following Hash routine generates a checksum.
Following is a list of parameters, their descriptions, modes, and types.
Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input | IN | RAW |
hash | OUT | RAW |
hash_state | IN | Crypto_Engine_State |

Parameter Name | Mode | Type |
---|---|---|
persona | IN | Persona |
input_string | IN | VARCHAR2 |
hash | OUT | RAW |
hash_state | IN | Crypto_Engine_State |
Use the DBMS_RANDOM package to generate random numbers. The routines contained within the package are as follows.
The following SeedRandom routine supplies a seed to the Oracle Cryptographic Toolkit's random number generator.
Following is a list of parameter names, their modes, and types.
Parameter Name | Mode | Type |
---|---|---|
seed | IN | BINARY_INTEGER |
The following routine generates a random number between -9999999999 and 9999999999. This function returns a BINARY_INTEGER.