AES Encryption Java/plsql

Question

I need to implement the same encryption/decryption application on Java and plsql(DBMS_CRYPTO for Oracle 10g).

The both implementation are working fine but the pb here is that I am getting different output for the encryption of the same plain text. Below the both code used for the encryption/decryption process (Java and PLSQL).

I used the same encryption algorithm "AES/CBC/PKCS5Padding" for DBMS_CRYPTO and Java.The problem here is that I am getting different output for the encryption of the same plain text.

import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.*;
import org.apache.commons.codec.binary.Hex;

public class AESencrp {

    private static final String ALGO = "AES/CBC/PKCS5Padding";


    private static final byte[] keyValue = "MyEncryptionKey1".getBytes();
    private static Key key;
    private static Cipher decryptor;
    private static Cipher encryptor;


    public static  void init() throws Exception 
    {

        key = generateKey();
        encryptor = Cipher.getInstance(ALGO);
        IvParameterSpec iv = new IvParameterSpec(Hex.decodeHex("12345678901234567890123456789012".toCharArray()));   
        decryptor=Cipher.getInstance(ALGO);
        encryptor.init(Cipher.ENCRYPT_MODE, key,iv);
        decryptor.init(Cipher.DECRYPT_MODE, key,iv);
    }




public static String encrypt(String Data) throws Exception {
        byte[] encVal = encryptor.doFinal(Data.getBytes());
        String encryptedValue = new BASE64Encoder().encode(encVal);
        return encryptedValue;
    }

 public static String decrypt(String encryptedData) throws Exception {

        byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedData);
        byte[] decValue = decryptor.doFinal(decordedValue);
        String decryptedValue = new String(decValue);
        return decryptedValue;
    }

 private static Key generateKey() throws Exception {
        if (key==null)
        key = new SecretKeySpec(keyValue, "AES");
        return key;
}

  public static void main(String[] args) throws Exception {

        init();
        String password = "mypassword";
        String passwordEnc = AESencrp.encrypt(password);
        String passwordDec = AESencrp.decrypt(passwordEnc);

        System.out.println("Plain Text : " + password);
        System.out.println("Encrypted Text : " + passwordEnc);
        System.out.println("Decrypted Text : " + passwordDec);
    }
    }

• Java execution :

Plain Text : mypassword

Encrypted Text : +pvG30k4/KFkeim47tslFQ==

Decrypted Text : mypassword

CREATE OR REPLACE PACKAGE BODY SYSADM.enc_dec
AS
     encryption_type    PLS_INTEGER :=DBMS_CRYPTO.AES_CBC_PKCS5; 
     encryption_key     RAW (32) := UTL_RAW.cast_to_raw('MyEncryptionKey1');


     FUNCTION encrypt (p_plainText VARCHAR2) RETURN RAW DETERMINISTIC
     IS
        encrypted_raw      RAW (2000);
     BEGIN
        encrypted_raw := DBMS_CRYPTO.ENCRYPT
        (
           src => UTL_RAW.CAST_TO_RAW (p_plainText),
           typ => encryption_type,
           key => encryption_key,
           iv => hextoraw('12345678901234567890123456789012') 
        );
       RETURN encrypted_raw;
     END encrypt;
     FUNCTION decrypt (p_encryptedText RAW) RETURN VARCHAR2 DETERMINISTIC
     IS
        decrypted_raw      RAW (2000);
     BEGIN
        decrypted_raw := DBMS_CRYPTO.DECRYPT
        (
            src => p_encryptedText,
            typ => encryption_type,
            key => encryption_key,
            iv => hextoraw('12345678901234567890123456789012') 
        );
        RETURN (UTL_RAW.CAST_TO_VARCHAR2 (decrypted_raw));
     END decrypt;
END;
/

• PlSQL Execution:

select enc_dec.encrypt('mypassword') encrypted from dual;

FA9BC6DF4938FCA1647A29B8EEDB2515

select enc_dec.decrypt(enc_dec.encrypt('mypassword')) decrypted from dual;

mypassword

• Java -->+pvG30k4/KFkeim47tslFQ==

• PLSQL -->FA9BC6DF4938FCA1647A29B8EEDB2515

Can you please advise why we have this difference between the two encrypted output? there is a programming language dependency for the AES encrytion??

Answer 1

The +pvG30k4/KFkeim47tslFQ== is in Base64 representation, while the
FA9BC6DF4938FCA1647A29B8EEDB2515 is in HEX representation, but both strings represent the same value.

Decide on the single representation you will use and just convert one of the outputs to it.

Answer 2

In case someone is interested about the completed code for the PL/SQL based on Java code of first post.

Encrpytion function:

CREATE OR REPLACE FUNCTION F_ENCRYPT (p_plainText VARCHAR2)
   RETURN VARCHAR2
AS
   encryption_type    PLS_INTEGER :=DBMS_CRYPTO.AES_CBC_PKCS5; 
   encryption_key     RAW (32) := UTL_RAW.cast_to_raw('MyEncryptionKey1');
   encrypted_raw      RAW (2000);
BEGIN
   encrypted_raw := DBMS_CRYPTO.ENCRYPT
       (
           src => UTL_RAW.CAST_TO_RAW (p_plainText),
           typ => encryption_type,
           key => encryption_key,
           iv => hextoraw('12345678901234567890123456789012') 
       ); 
       RETURN UTL_RAW.CAST_TO_VARCHAR2 (UTL_ENCODE.base64_encode (encrypted_raw));
END;

Decryption function:

CREATE OR REPLACE FUNCTION F_DECRYPT (p_input VARCHAR2)
   RETURN VARCHAR2
AS
  encryption_type    PLS_INTEGER :=DBMS_CRYPTO.AES_CBC_PKCS5; 
  encryption_key     RAW (32) := UTL_RAW.cast_to_raw('MyEncryptionKey1');
  decrypted_raw      RAW (2000);
BEGIN
  decrypted_raw := DBMS_CRYPTO.DECRYPT
     (
         src => UTL_ENCODE.base64_decode (UTL_RAW.CAST_TO_RAW (p_input)),
         typ => encryption_type,
         key => encryption_key,
         iv => hextoraw('12345678901234567890123456789012') 
     );
     RETURN (UTL_RAW.CAST_TO_VARCHAR2 (decrypted_raw));
END;

Validation:

SELECT 'mypassword' INPUT, 
    F_ENCRYPT('mypassword') ENCRYPTED_RESULT,
    F_DECRYPT(F_ENCRYPT('mypassword')) DECRYPT_RESULT 
FROM DUAL;

Validation Output:

"INPUT"       "ENCRYPTED_RESULT"          "DECRYPT_RESULT"
"mypassword"  "+pvG30k4/KFkeim47tslFQ=="  "mypassword"

Answer 3

Encrpytion / decryption using in oracle plsql

create or replace PACKAGE BODY          "PKG_LOGI_PWD_REG" 
as
  FUNCTION decrypt_val( p_val IN RAW ) RETURN VARCHAR2  
  IS
    l_decrypted RAW(32);
    l_decrypted_string VARCHAR2(32);
    L_USER  varchar2(32);
    L_CHARACTER_SET varchar2(10);
    L_STRING varchar2(32);
    L_KEY raw(250);
    L_ENCRYPTION_TYPE PLS_INTEGER;
  BEGIN
        L_KEY := UTL_I18N.STRING_TO_RAW
                            ( data => '98345678901234567890123456789012',
                              DST_CHARSET => 'AL32UTF8' );
        L_ENCRYPTION_TYPE := dbms_crypto.encrypt_aes256 
                                        + DBMS_CRYPTO.CHAIN_CBC 
                                        + DBMS_CRYPTO.PAD_PKCS5;

        l_decrypted := dbms_crypto.decrypt
                ( SRC => P_VAL,
                  TYP => L_ENCRYPTION_TYPE,
                  key => L_KEY );

        l_decrypted_string := utl_i18n.raw_to_char
                    ( data => l_decrypted ,
                      src_charset => 'AL32UTF8' );
        RETURN l_decrypted_string;

  end DECRYPT_VAL;

  FUNCTION encrypt_val( p_val IN VARCHAR2 ) RETURN VARCHAR2
  is
    L_VAL RAW(32);
    L_ENCRYPTED raw(32);
    L_CHARACTER_SET varchar2(10);
    L_STRING varchar2(32);
    L_KEY RAW(250);
    L_ENCRYPTION_TYPE PLS_INTEGER;
  begin


    L_KEY := UTL_I18N.STRING_TO_RAW
                        ( data => '98345678901234567890123456789012',
                          DST_CHARSET => 'AL32UTF8' );
    L_ENCRYPTION_TYPE := dbms_crypto.encrypt_aes256 
                                    + DBMS_CRYPTO.CHAIN_CBC 
                                    + DBMS_CRYPTO.PAD_PKCS5;
    L_VAL := utl_i18n.string_to_raw
              ( data => p_val,
                dst_charset => 'AL32UTF8' );

    L_ENCRYPTED := dbms_crypto.encrypt
                   ( SRC => L_VAL,
                     TYP => L_ENCRYPTION_TYPE,
                     key => L_KEY );


    return L_ENCRYPTED;
  EXCEPTION when OTHERS then
    RETURN SQLCODE||'-'||SQLERRM;
  end ENCRYPT_VAL;
end PKG_LOGI_PWD_REG;