Data Encryption in Oracle
Author: Administrator   Posted: 2006-01-13 16:53:45
 

1. Description

☞ See Bulletin no : 12036


Oracle 8i Release 2 (8.1.6) provides an enhanced feature (DES Encryption) for
storing data in encrypted form.


Data that needs protection, such as credit card numbers and passwords, can be stored
encrypted, so an encryption policy that used to be implemented with third-party tools
or application logic can be implemented at the database level.



▣ DBMS_OBFUSCATION_TOOLKIT

The encryption feature is used through the DBMS_OBFUSCATION_TOOLKIT package.


The package consists of four procedures:

- two procedures that encrypt/decrypt the VARCHAR2 type

- two procedures that encrypt/decrypt the RAW type
(no other types are supported, so convert a NUMBER with to_char first)



To use DBMS_OBFUSCATION_TOOLKIT:

1) As the SYS user, run the scripts below.

  @$ORACLE_HOME/rdbms/admin/dbmsobtk.sql
  @$ORACLE_HOME/rdbms/admin/prvtobtk.plb
 
2) Grant the execute privilege.

  SQL>GRANT execute ON dbms_obfuscation_toolkit TO public;



2. Running the package



--> Create the package specification

CREATE OR REPLACE PACKAGE CryptIT AS
  FUNCTION encrypt( Str VARCHAR2, 
                    hash VARCHAR2 ) RETURN VARCHAR2;

  FUNCTION decrypt( xCrypt VARCHAR2,
                    hash VARCHAR2 ) RETURN VARCHAR2;
END CryptIT;
/



--> Create the package body

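CREATE OR REPLACE PACKAGE BODY CryptIT AS
  -- Package-level buffer shared by encrypt and decrypt
  crypted_string VARCHAR2(2000);

  FUNCTION encrypt( Str VARCHAR2, 
                    hash VARCHAR2 ) RETURN VARCHAR2 AS
  -- Character length of Str rounded up to the next multiple of 8
  pieces_of_eight INTEGER := ((FLOOR(LENGTH(Str)/8 + .9)) * 8);

  BEGIN

      -- Space-pad the input to that length; pad the key to 8 characters with '#'
      dbms_obfuscation_toolkit.DESEncrypt(
              input_string    => RPAD( Str, pieces_of_eight ),
              key_string      => RPAD(hash,8,'#'),
              encrypted_string => crypted_string );
      RETURN crypted_string;
  END;

  FUNCTION decrypt( xCrypt VARCHAR2,
                    hash VARCHAR2 ) RETURN VARCHAR2 AS
  BEGIN
      -- The key must be padded exactly as in encrypt
      dbms_obfuscation_toolkit.DESDecrypt(
              input_string    => xCrypt,
              key_string      => RPAD(hash,8,'#'),
              decrypted_string => crypted_string );
      -- TRIM strips the space padding added by encrypt
      -- (and any other leading or trailing spaces)
      RETURN trim(crypted_string);
  END;
END CryptIT;
/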


3. Example run


1) Inserting data with Encrypt

-- Create a test table.

SQL>create table encrypt_table( id number, passwd varchar(20) );



-- Insert test data.
-- CryptIT.encrypt(password, key value)

SQL>INSERT INTO encrypt_table VALUES( 1, CryptIT.encrypt('1234', 'storm'));
1 개의 행이 만들어졌습니다.


SQL>INSERT INTO encrypt_table VALUES( 2, CryptIT.encrypt('5678', 'oramaster'));
1 개의 행이 만들어졌습니다.



2) Querying data with Decrypt

--> Without Decrypt, the literal is compared against the encrypted data, so no rows are returned.
SQL> select id, passwd from encrypt_table where passwd = '1234';

선택된 레코드가 없습니다.


--> The value is stored on disk in its encrypted form.

SQL> col passwd format a60
SQL> select id, dump(passwd) passwd from encrypt_table;

        ID PASSWD
---------- -------------------------------------------------------------
        1 Typ=1 Len=8: 246,27,80,184,227,225,245,31
        2 Typ=1 Len=8: 175,231,213,125,85,223,46,133



--> The data can be decrypted only with the key that was used to encrypt it.

SQL>SELECT id, CryptIT.decrypt(passwd,'storm') passwd
      FROM encrypt_table
      WHERE CryptIT.decrypt(passwd,'storm') = '1234';

        ID PASSWD
---------- -----------
        1 1234


SQL>SELECT id, CryptIT.decrypt(passwd,'oramaster') passwd
    FROM encrypt_table
    WHERE CryptIT.decrypt(passwd,'oramaster') = '5678';

        ID PASSWD
---------- -----------
        2 5678


Caution) Any other user with access to the table can also decrypt the data if they know the key value.



4) Related ORA error numbers

ORA error 28231 "Invalid input to Obfuscation toolkit"
- raised when the input data or the key value is NULL

ORA error 28232 "Invalid input size for Obfuscation toolkit"
- raised when the input data is not a multiple of 8 bytes

ORA error 28233 "Double encryption not supported by DESEncrypt in Obfuscation toolkit"
- raised when already encrypted data is encrypted again
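
The three errors above, handled in a CryptIT-style wrapper (an added example, not part of the original post; safe_encrypt and the -2000x error codes are assumed names). Unlike CryptIT.encrypt it pads by byte length with LENGTHB, because LENGTH counts characters while the toolkit requires a multiple of 8 bytes, so multibyte input can otherwise produce an invalid size.

```sql
-- Added example, not from the original post. safe_encrypt is a hypothetical name.
CREATE OR REPLACE FUNCTION safe_encrypt(
    p_str VARCHAR2,
    p_key VARCHAR2 ) RETURN VARCHAR2 AS
  -- Bind exception names to the three toolkit errors listed above
  e_null_input   EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_null_input, -28231);
  e_bad_size     EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_bad_size, -28232);
  e_double_crypt EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_double_crypt, -28233);

  v_padded VARCHAR2(2000) := p_str;
  v_out    VARCHAR2(2000);
BEGIN
  -- Pad with spaces until the BYTE length (LENGTHB) is a multiple of 8.
  -- A NULL input skips the loop and is rejected by the toolkit (ORA-28231).
  WHILE MOD(LENGTHB(v_padded), 8) <> 0 LOOP
    v_padded := v_padded || ' ';
  END LOOP;

  -- Same call and key padding as CryptIT.encrypt
  dbms_obfuscation_toolkit.DESEncrypt(
      input_string     => v_padded,
      key_string       => RPAD(p_key, 8, '#'),
      encrypted_string => v_out );
  RETURN v_out;
EXCEPTION
  -- Re-raise each toolkit error with a message that names the cause
  WHEN e_null_input THEN
    RAISE_APPLICATION_ERROR(-20001, 'safe_encrypt: input data or key is NULL');
  WHEN e_bad_size THEN
    RAISE_APPLICATION_ERROR(-20002, 'safe_encrypt: input is not a multiple of 8 bytes');
  WHEN e_double_crypt THEN
    RAISE_APPLICATION_ERROR(-20003, 'safe_encrypt: input is already encrypted');
END safe_encrypt;
/
```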


Related documents
===========
Oracle8i Supplied PL/SQL Packages Reference Release 2 (8.1.6)

