联系:手机/微信(+86 17813235971) QQ(107644445)
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
在安全越来越重视的近体,我们不少时候需要对数据库中的某个表的敏感列数据(银行卡,身份证号码,金额等)进行加密,方式数据泄密,在11.2.0.4中可以通过dbms_crypto包方式实现,增加oracle的加密效率,本文提供处理思路,其他可以根据需求尽情发挥
数据库版本
SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production PL/SQL Release 11.2.0.4.0 - Production CORE 11.2.0.4.0 Production TNS for Linux: Version 11.2.0.4.0 - Production NLSRTL Version 11.2.0.4.0 - Production [/shell] <strong>创建加密函数</strong> 1 SQL> create or replace function f_Encrypt_number(number_in in varchar2) return raw is 2 number_in_raw RAW(128):=UTL_I18N.STRING_TO_RAW(number_in,'AL32UTF8'); 3 key_number number(32):=32432432343243279898; 4 key_raw RAW(128):=UTL_RAW.cast_from_number(key_number); 5 encrypted_raw RAW(128); 6 begin 7 encrypted_raw:=dbms_crypto.Encrypt(src=>number_in_raw,typ=>DBMS_CRYPTO.DES_CBC_PKCS5,key=>key_raw); 8 return encrypted_raw; 9 end; 10 / Function created.
测试加密函数
SQL> select f_Encrypt_number('wwww.xifenfei.com') from dual; F_ENCRYPT_NUMBER('WWWW.XIFENFEI.COM') -------------------------------------------------------------------------------- 003CB89CB77F6644C93AE2CF7810B0E3E3B10B8C60B54058
创建解密函数
SQL> create or replace function f_decrypt_number (encrypted_raw IN RAW) 2 return varchar2 is 3 decrypted_raw raw(48); 4 key_number number(32):=32432432343243279898; 5 key_raw RAW(128):=UTL_RAW.cast_from_number(key_number); 6 begin 7 decrypted_raw := DBMS_CRYPTO.DECRYPT 8 ( 9 src => encrypted_raw, 10 typ => DBMS_CRYPTO.DES_CBC_PKCS5, 11 key => key_raw 12 ); 13 return UTL_I18N.RAW_TO_CHAR (decrypted_raw, 'AL32UTF8'); 14 END; 15 / Function created.
测试解密函数
SQL> select f_decrypt_number('003CB89CB77F6644C93AE2CF7810B0E3E3B10B8C60B54058') from dual; F_DECRYPT_NUMBER('003CB89CB77F6644C93AE2CF7810B0E3E3B10B8C60B54058') -------------------------------------------------------------------------------- wwww.xifenfei.com
创建表综合测试
SQL> create table xifenfei_crypto 2 (id number, name varchar2(20),en_name raw(128)) ; Table created. SQL> insert into xifenfei_crypto (id,name) select object_id,object_name from dba_objects where rownum<10; 9 rows created. SQL> commit; Commit complete. SQL> select * from xifenfei_crypto; ID NAME EN_NAME ---------- -------------------- ------------------------------ 20 ICOL$ 46 I_USER1 28 CON$ 15 UNDO$ 29 C_COBJ# 3 I_OBJ# 25 PROXY_ROLE_DATA$ 41 I_IND1 54 I_CDEF2 9 rows selected. SQL> update xifenfei_crypto set en_name=f_Encrypt_number(name); 9 rows updated. SQL> commit; Commit complete. SQL> select * from xifenfei_crypto; ID NAME EN_NAME ---------- -------------------- -------------------------------------------------- 20 ICOL$ FE17B031331839A9 46 I_USER1 FEF96765B1E2C53C 28 CON$ 0283FCE900ACED5C 15 UNDO$ 20DD92762F199436 29 C_COBJ# A0CB43E2EA6BA889 3 I_OBJ# F2DE1B9C8A39AA3D 25 PROXY_ROLE_DATA$ 62B99C02EBD4B250311E4490207FEF18CBD8CD8FBA1BFD81 41 I_IND1 3F4C3C186F8E2F52 54 I_CDEF2 CA23D202802BD3AC 9 rows selected. SQL> select id,name,f_decrypt_number(EN_NAME) de_name,en_name from xifenfei_crypto; ID NAME DE_NAME EN_NAME ---------- -------------------- ------------------------------ -------------------------------------------------- 20 ICOL$ ICOL$ FE17B031331839A9 46 I_USER1 I_USER1 FEF96765B1E2C53C 28 CON$ CON$ 0283FCE900ACED5C 15 UNDO$ UNDO$ 20DD92762F199436 29 C_COBJ# C_COBJ# A0CB43E2EA6BA889 3 I_OBJ# I_OBJ# F2DE1B9C8A39AA3D 25 PROXY_ROLE_DATA$ PROXY_ROLE_DATA$ 62B99C02EBD4B250311E4490207FEF18CBD8CD8FBA1BFD81 41 I_IND1 I_IND1 3F4C3C186F8E2F52 54 I_CDEF2 I_CDEF2 CA23D202802BD3AC 9 rows selected.