subject:"RE\: Storing\/retrieving DES3 data w\/Perl"

RE: Storing/retrieving DES3 data w/Perl

2002-08-20 Thread Jesse, Rich


A-ha!  I knew it was casting that was getting me.  On the way back from raw
to varchar2 the Oracle builtin will do NLS_LANG conversion.

THANKS, Jared!  Does this mean I need to buy two of your books now?  ;)

Rich Jesse   System/Database Administrator
[EMAIL PROTECTED]  Quad/Tech International, Sussex, WI USA

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 20, 2002 12:14 PM
> To: [EMAIL PROTECTED]
> Cc: Jesse, Rich
> Subject: Re: Storing/retrieving DES3 data w/Perl
> 
> 
> Well, here's one way to do it.
> 
> This converts the data to hex before storing in Oracle.
> 
> Jared
> 
> #!/usr/bin/perl
> 
> use DBI qw(:sql_types);
> use Crypt::TripleDES;
> 
> my ($DBname, $Uname, $Pword ) = ('MYDB','MYUSER','MYPASS');
> my $DESpass = "abcdefgh";
> 
> $dbh = DBI->connect(
> "dbi:Oracle:dv01","scott","tiger",
> {
> RaiseError => 1,
> AutoCommit => 0
> }
> );
> 
> my $DES3 = new Crypt::TripleDES;
> my $Cryptpass = $DES3->encrypt3 ( $Pword, $DESpass );
> my $hexPassword = unpack("H*",$Cryptpass);
> 
> print "Clear  : $Pword\n";
> print "Decrypt: ", $DES3->decrypt3($Cryptpass, $DESpass),"\n";
> print "Hex: $hexPassword\n";
> 
> $dbh->do('truncate table valid_connection');
> 
> $sth = $dbh->prepare(qq(
> INSERT INTO valid_connection(
> db_alias, db_username, db_password, 
> clear_password
> )
> VALUES(?,?,?,?)
> )
> );
> 
> $sth->execute($DBname, $Uname, $hexPassword, $Pword);
> 
> $sth = $dbh->prepare(qq
> {
> SELECT
> db_alias, db_username, db_password, 
> clear_password
> FROM valid_connection
> }
> );
> 
> $sth->execute;
> 
> while ( my $hr = $sth->fetchrow_hashref)
> {
>  my $clearPassword = $DES3->decrypt3(pack("H*", 
> $hr->{DB_PASSWORD}), $DESpass);
>  print "$hr->{DB_ALIAS} $hr->{DB_USERNAME} 
> $clearPassword\n";
> }
> 
> $dbh->disconnect;
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jesse, Rich
  INET: [EMAIL PROTECTED]

Fat City Network Services-- (858) 538-5051  FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Re: Storing/retrieving DES3 data w/Perl

2002-08-20 Thread Jared . Still


Well, here's one way to do it.

This converts the data to hex before storing in Oracle.

Jared

#!/usr/bin/perl

use DBI qw(:sql_types);
use Crypt::TripleDES;

my ($DBname, $Uname, $Pword ) = ('MYDB','MYUSER','MYPASS');
my $DESpass = "abcdefgh";

$dbh = DBI->connect(
"dbi:Oracle:dv01","scott","tiger",
{
RaiseError => 1,
AutoCommit => 0
}
);

my $DES3 = new Crypt::TripleDES;
my $Cryptpass = $DES3->encrypt3 ( $Pword, $DESpass );
my $hexPassword = unpack("H*",$Cryptpass);

print "Clear  : $Pword\n";
print "Decrypt: ", $DES3->decrypt3($Cryptpass, $DESpass),"\n";
print "Hex: $hexPassword\n";

$dbh->do('truncate table valid_connection');

$sth = $dbh->prepare(qq(
INSERT INTO valid_connection(
db_alias, db_username, db_password, clear_password
)
VALUES(?,?,?,?)
)
);

$sth->execute($DBname, $Uname, $hexPassword, $Pword);

$sth = $dbh->prepare(qq
{
SELECT
db_alias, db_username, db_password, clear_password
FROM valid_connection
}
);

$sth->execute;

while ( my $hr = $sth->fetchrow_hashref)
{
 my $clearPassword = $DES3->decrypt3(pack("H*", 
$hr->{DB_PASSWORD}), $DESpass);
 print "$hr->{DB_ALIAS} $hr->{DB_USERNAME} 
$clearPassword\n";
}

$dbh->disconnect;






"Jesse, Rich" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
08/19/2002 12:10 PM
Please respond to ORACLE-L

 
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc: 
Subject:Storing/retrieving DES3 data w/Perl


Hi all (especially Jared!),

I'm trying to store a password in an Oracle 8.0.5 table using Perl and 
DES3.
I've tried making the attached Perl, but I can never get the password to
return correctly.  My guess is that there is some casting going on that is
hosing up the raw data.

I've got the "valid_connection" table defined as:

CREATE TABLE VALID_CONNECTION ( 
  DB_ALIAS VARCHAR2 (32)  NOT NULL, 
  DB_USERNAME  VARCHAR2 (32)  NOT NULL, 
  DB_PASSWORD  RAW (256)

..but I can change it to be whatever.  I've tried several incarnations of
using "utl_raw" and not using it, along with "SQL_BINARY" datatype on the
bind, but I'm not having any luck.

I seem to learn best by example.  Does anyone have one?

Rich Jesse   System/Database Administrator
[EMAIL PROTECTED]  Quad/Tech International, Sussex, WI 
USA

p.s.  No DBMS_OBFUSCATION_TOOLKIT, since this is only 8.0...

#!/usr/bin/perl

use DBI qw(:sql_types);
use Crypt::TripleDES;

my ($DBname, $Uname, $Pword, $Cryptpass, $DES3, $DESpass);

$Rdbh = DBI->connect("dbi:Oracle:THISDB","SOMEUSER","SOMEPASS",
 { RaiseError => 1, AutoCommit => 0 });

$DBname = "MYDB";
$Uname = "MYUSER";
$Pword = "MYPASS";

$DES3 = new Crypt::TripleDES;
$DESpass = "abcdefgh";
$Cryptpass = $DES3->encrypt3 ( $Pword, $DESpass );

$Rsth = $Rdbh->prepare(qq(INSERT INTO valid_connection (db_alias,
db_username, db_password) VALUES(:b1,:b2,utl_raw.cast_to_raw(:b3;
$Rsth->bind_param(":b1",$DBname);
$Rsth->bind_param(":b2",$Uname);
$Rsth->bind_param(":b3",$Cryptpass, SQL_BINARY);
$Rsth->execute;
$Rsth->finish;

$Rsth = $Rdbh->prepare(qq{SELECT db_alias, db_username,
utl_raw.cast_to_varchar2(db_password) FROM valid_connection});
$Rsth->execute;
$Rsth->bind_columns(\($DBname, $Uname, $Cryptpass));
while ($Rsth->fetch)
{
 $Pword = $DES3->decrypt3 ( $Cryptpass, $DESpass );
 print "$DBname $Uname $Pword\n";
}
$Rsth->finish;

$Rdbh->disconnect;
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jesse, Rich
  INET: [EMAIL PROTECTED]

Fat City Network Services-- (858) 538-5051  FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: 
  INET: [EMAIL PROTECTED]

Fat City Network Services-- (858) 538-5051  FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

RE: Storing/retrieving DES3 data w/Perl

Re: Storing/retrieving DES3 data w/Perl

2 matches

Site Navigation

Mail list logo

Footer information