gregor-e has asked for the wisdom of the Perl Monks concerning the following question:

Monks, I've an Oracle database containing columns that were encrypted using DBMS_CRYPTO. Specifically, they were encrypted using: 
SYS.DBMS_CRYPTO.ENCRYPT(request_des,request_src, SYS.DBMS_CRYPTO.DES_C
+BC_PKCS5, raw_key);

[download]
I need to be able to decrypt these columns using Crypt::DES and Crypt::CBC from Perl. I am able to decrypt the data inside Oracle, like: 
ecryption_type PLS_INTEGER := SYS.DBMS_CRYPTO.DES_CBC_PKCS5;
    v_key RAW(16) := null;

PROCEDURE setkey (p_key IN VARCHAR2)
    IS
    BEGIN
      IF p_key IS not null THEN
        v_key := UTL_RAW.cast_to_raw(p_key);
       dbms_output.put_line(v_key);
      END IF;
    END setkey;

FUNCTION decrypt( p_data IN RAW ) RETURN VARCHAR2 DETERMINISTIC
    IS
      l_decrypted RAW(32767);
    BEGIN
      l_decrypted := sys.DBMS_CRYPTO.decrypt                          
+    
                      ( src => p_data,
                        typ => ecryption_type,
                        KEY => v_key );

      RETURN UTL_I18N.RAW_TO_CHAR(l_decrypted,'AL32UTF8');
    END decrypt;

execute dbcrypt.setkey('mysecret');  
select dbcrypt.decrypt(encrypted_column) from my_table where rownum < 
+10;

[download]

When I attempt to decrypt using seemingly comparable code in Perl, like: 

#!/opt/local/perl/bin/perl -w

use strict;
use DBI;
use Crypt::DES;
use Crypt::CBC;

# establish DB connection
my $dbname = 'dbi:Oracle:my_db.world';
my $user = 'myuser';
my $password = 'mypass';

my $dbh = DBI->connect($dbname, $user, $password);

if (!$dbh)
{
    die "Error connecting to database; $DBI::errstr";
}

$dbh->{LongReadLen} = 8192;

my $sql = "select encrypted_column from my_table where rownum < 10";
my @responseList = map {$_->[0]} @{$dbh->selectall_arrayref($sql)};

my $cipher = Crypt::CBC->new(-key => 'mysecret',
                             -cipher => 'Crypt::DES');

foreach my $cipherText (@responseList)
{
    my $plaintext = $cipher->decrypt($cipherText);

    print "$plaintext\n";
}

[download]

Unfortunately, this Perl code complains: 

Ciphertext does not begin with a valid header for 'salt' header mode

[download]
Any guesses as to why this error message occurs? Since we're reading an ecrypted BLOB, could there be a characterset incompatability that's messing up the header? Or is there some other really obvious thing I should be doing?

Replies are listed 'Best First'.
Re: CBC:Crypt and Oracle
by Anonymous Monk on Mar 14, 2013 at 03:55 UTC

    Any guesses as to why this error message occurs?

    Guessing is not required :) its a problem with the data :)

    Since we're reading an ecrypted BLOB, could there be a characterset incompatability that's messing up the header?

    Its possible -- you can find out by eliminating DBI and the database from the equation, and working with a binmodeed file . If problem remains, Dumper- some dummy data and share :)

    Or is there some other really obvious thing I should be doing?

    I would use Crypt::CBCeasy

    Why? Consider these nodes Simple Crypt::CBC Sample?, Crypt::CBC how does the header/salt work?, Re: Customer data encryption (Crypt::CBC)

    Now I you become versed in block ciphers and blah blah blah, or I could figure out which CBCEasy function works for the data I have and use that

    I prefer simplest api possible

[reply]

Back to Seekers of Perl Wisdom