Oracle DBMS_CRYPTO
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai will be available on generic Linux platforms in January and soon on AIX and Windows
Purpose Encryption, decryption, hashing, random string and numeric value generation.

The file header states the following: "... contains basic cryptographic functions and procedures. To use correctly and securely, a general level of security expertise is assumed. VARCHAR2 datatype is not supported. Cryptographic operations on this type should be prefaced with conversions to a uniform character set (AL32UTF8) and conversion to RAW type. Prior to encryption, hashing or keyed hashing, CLOB datatype is converted to AL32UTF8. This allows cryptographic data to be transferred and understood between databases with different character sets, across character set changes and between separate processes (for example, Java programs)."

Our expectation here at the library is that a "general level of security expertise" does not exist in the DBA community and recommend retaining the services of a consultant with a proven track record.
AUTHID DEFINER
Constants
Name Data Type Value
 Hash Functions
HASH_MD5 (128 bit hash) PLS_INTEGER 2 (deprecated)
HASH_SH1 (160 bit hash) PLS_INTEGER 3 (deprecated)
HASH_SH256 PLS_INTEGER 4
HASH_SH384 PLS_INTEGER 5
HASH_SH512 PLS_INTEGER 6
HASH_SM3 PLS_INTEGER 7
HASH_SHA3_224 PLS_INTEGER 8
HASH_SHA3_256 PLS_INTEGER 9
HASH_SHA3_384 PLS_INTEGER 10
HASH_SHA3_512 PLS_INTEGER 11
HASH_SHAKE128 PLS_INTEGER 12
HASH_SHAKE256 PLS_INTEGER 13
 MAC Functions
HMAC_MD5 (128 bit hash) PLS_INTEGER 1 (deprecated)_
HMAC_SH1 (160 bit hash) PLS_INTEGER 2 (deprecated)
HMAC_SH256 PLS_INTEGER 3
HMAC_SH384 PLS_INTEGER 4
HMAC_SH512 PLS_INTEGER 5
HMAC_SHA3_224 PLS_INTEGER 6
HMAC_SHA3_256 PLS_INTEGER 7
HMAC_SHA3_384 PLS_INTEGER 8
HMAC_SHA3_512 PLS_INTEGER 9
 Public Key Encryption Algorithms
PKENCRYPT_RSA_PKCS1_OAEP PLS_INTEGER 1
PKENCRYPT_RSA_PKCS1_OAEP_SHA2 PLS_INTEGER 2
PKENCRYPT_SM2 PLS_INTEGER 3
 Public Key Type Algorithms
KEY_TYPE_RSA PLS_INTEGER 1
KEY_TYPE_ECDSA PLS_INTEGER 2
KEY_TYPE_SM2 PLS_INTEGER 3
 Public Key Signature Type Algorithms
SIGN_SHA224_RSA PLS_INTEGER 1
SIGN_SHA256_RSA PLS_INTEGER 2
SIGN_SHA224_RSA_X931 PLS_INTEGER 3
SIGN_SHA384_RSA PLS_INTEGER 4
SIGN_SHA384_RSA_X931 PLS_INTEGER 5
SIGN_SHA512_RSA PLS_INTEGER 6
SIGN_SHA512_RSA_X931 PLS_INTEGER 7
SIGN_SHA1_RSA PLS_INTEGER 8 (deprecated)
SIGN_SHA1_RSA_X931 PLS_INTEGER 9 (deprecated)
SIGN_SHA224_ECDSA PLS_INTEGER 14
SIGN_SHA256_ECDSA PLS_INTEGER 15
SIGN_SHA384_ECDSA PLS_INTEGER 16
SIGN_SHA512_ECDSA PLS_INTEGER 17
SIGN_ECDSA PLS_INTEGER 8
SIGN_SM4_SM2 PLS_INTEGER 19
SIGN_SHA3_224_RSA PLS_INTEGER 20
SIGN_SHA3_256_RSA PLS_INTEGER 21
SIGN_SHA3_384_RSA PLS_INTEGER 22
SIGN_SHA3_512_RSA PLS_INTEGER 23
SIGN_SHA3_224_ECDSA PLS_INTEGER 24
SIGN_SHA3_256_ECDSA PLS_INTEGER 25
SIGN_SHA3_384_ECDSA PLS_INTEGER 26
SIGN_SHA3_512_ECDSA PLS_INTEGER 27
 Block Cipher Algorithms
ENCRYPT_DES PLS_INTEGER 1 (deprecated)
ENCRYPT_3DES2KEY PLS_INTEGER 2 (deprecated)
ENCRYPT_3DES PLS_INTEGER 3 (deprecated)
ENCRYPT_AES PLS_INTEGER 4
ENCRYPT_PBE_MD5DES PLS_INTEGER 5
ENCRYPT_AES128 PLS_INTEGER 6
ENCRYPT_AES192 PLS_INTEGER 7
ENCRYPT_AES256 PLS_INTEGER 8
ENCRYPT_SM4 PLS_INTEGER 9
 Block Cipher Chaining Modifiers
CHAIN_CBC PLS_INTEGER 256 (deprecated)
CHAIN_CFB PLS_INTEGER 512
CHAIN_ECB PLS_INTEGER 768
CHAIN_OFB PLS_INTEGER 1024
CHAIN_GCM PLS_INTEGER 1280
CHAIN_CCM PLS_INTEGER 1536
CHAIN_XTS PLS_INTEGER 2048
 Block Cipher Padding Modifiers
PAD_PKCS5 PLS_INTEGER 4096
PAD_NONE PLS_INTEGER 8192
PAD_ZERO PLS_INTEGER 12288
PAD_ORCL PLS_INTEGER 16384
 Stream Cipher Algorithms
ENCRYPT_RC4 PLS_INTEGER 129 (deprecated)
 Convenience Constants for Block Ciphers
DES_CBC_PKCS5 (depreated) PLS_INTEGER ENCRYPT_DES+CHAIN_CBC+PAD_PKCS5
DES3_CBC_PKCS5 (deprecated) PLS_INTEGER ENCRYPT_3DES+CHAIN_CBC+PAD_PKCS5
AES_CBC_PKCS5 PLS_INTEGER ENCRYPT_AES+CHAIN_CBC+PAD_PKCS5
AES_GCM_NONE PLS_INTEGER ENCRYPT_AES+CHAIN_GCM+PAD_NONE
AES_CCM_NONE PLS_INTEGER ENCRYPT_AES_CHAIN_CCM+PAD_NONE
AES_XTS_NONE PLS_INTEGER ENCRYPT_AES+CHAIN_XTS+PAD_NONE
SM4_CFB_NONE PLS_INTEGER ENCRYPT_SM4+CHAN_CFB_+PAD_NONE
SM4_OFB_NONE PLS_INTEGER ENCRYPT_SM4+CHAIN_OFB+PAD_NONE
 General
SECP_256_R1 PLS_INTEGER 1
LEGACY_DEFAULT_IV VARCHAR2(16) '0123456789ABCDEF'
DES3_CDB_NONE (deprecated) PLS_INTEGER ENCRYPT_3DES+CHAIN_CBC+PAD_NONE
Dependencies
DBMS_CRYPTO_FFI DBMS_LOB DBMS_VECTOR
DBMS_DEBUG DBMS_METADATA_DIFF DBMS_VECTOR_CHAIN
DBMS_FLASHBACK_ARCHIVE DBMS_REGISTRY JVMRJBC
DBMS_GSM_POOLADMIN DBMS_REGISTRY_SYS KUPM$MCP
DBMS_ISCHED DBMS_SCHEDULER UTL_RAW
DBMS_ISCHED_REMOTE_ACCESS DBMS_SQLHASH  
Documented Yes: Packages and Types Reference
Exceptions
Error Code Reason
ORA-28827 The specified cipher suite is not defined
ORA-28829 No value has been specified for the cipher suite to be used
ORA-28233 Source data was previously encrypted
ORA-28234 DES: Specified key size too short. DES keys must be at least 8 bytes (64 bits).
AES: Specified key size is not supported. AES keys must be 128, 192, or 256 bits
ORA-28239 The encryption key has not been specified or contains a NULL value
First Available 10.1
Security Model Owned by SYS with EXECUTE granted to CTXSYS, DBSNMP and GSMADMIN_INTERNAL
Source {ORACLE_HOME}/rdbms/admin/dbmsobtk.sql
Subprograms
DECRYPT HASH RANDOMBYTES
DECRYPT_REUSE HASH_LEN RANDOMINTEGER
ECDHDERIVE_SHAREDSECRET KMACXOF RANDOMNUMBER
ECHD_GENKEYPAIR MAC SIGN
ENCRYPT PKDECRYPT VERIFY
ENCRYPT_RESUSE PKENCRYPT  
 
DECRYPT (3 new 23ai overloads)
Decrypt crypt text data using stream or block cipher with user supplied key and optional iv

Overload 1		 dbms_crypto.decrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL)
RETURN RAW;
See Encrypt Overload 1 demo
Overload 2 dbms_crypto.decrypt(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
Overload 3 dbms_crypto.decrypt (
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
GCM Mode

Overload 4		 dbms_crypto.decrypt (
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL,
aad IN RAW DEFAULT NULL,
tag IN RAW)
RETURN RAW;
TBD
GCM Mode

Overload 5		 dbms_crypto.decrypt (
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT NULL,
tag IN            RAW);
TBD
GCM Mode

Overload 6		 dbms_crypto.decrypt (
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT NULL,
tag IN            RAW);
TBD
 
DECRYPT_REUSE (new 23ai)
Decrypt plain text data using stream or block cipher

Overload 1		 dbms_crypto.decrypt_reuse(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL)
RETURN RAW;
TBD
Overload 2 dbms_crypto.decrypt_reuse(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
Overload 3 dbms_crypto.decrypt_reuse(
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
GCM Mode

Overload 4		 dbms_crypto.decrypt_reuse(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL,
aad IN RAW DEFAULT_NULL,
tag IN RAW);
TBD
GCM Mode

Overload 5		 dbms_crypto.decrypt_reuse(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT_NULL,
tag IN            RAW);
TBD
GCM Mode

Overload 6		 dbms_crypto.decrypt_reuse(
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT_NULL,
tag IN            RAW);
TBD
 
ECDHDERIVE_SHAREDSECRET (new 23ai)
Derives a shared secret using the private key of local application and the  public key from a remote application dbms_crypto.ecdhDerive_sharedSecret(
curveID      IN  PLS_INTEGER,
peerpubkey   IN  RAW,
privkey      IN  RAW,
sharedsecret OUT RAW);
TBD
 
ECDH_GENKEYPAIR (new 23ai)
Generates an EC public/private key pair dbms_crypto.ecdh_genKeyPair(
curveID IN  PLS_INTEGER,
pubkey  OUT RAW,
privkey OUT RAW);
TBD
 
ENCRYPT (3 new 23ai overloads)
Encrypt plain text data using stream or block cipher with user supplied key and optional iv

Overload 1		 dbms_crypto.encrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL)
RETURN RAW;
set serveroutput on

DECLARE
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');
 l_encrypted_raw RAW(2048);
 l_decrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('Original : ' || l_credit_card_no);
  l_encrypted_raw := dbms_crypto.encrypt(l_ccn_raw, dbms_crypto.des_cbc_pkcs5, l_key);
  dbms_output.put_line('Encrypted : ' || RAWTOHEX(utl_raw.cast_to_raw(l_encrypted_raw)));
  l_decrypted_raw := dbms_crypto.decrypt(src => l_encrypted_raw, typ => dbms_crypto.des_cbc_pkcs5, key => l_key);
  dbms_output.put_line('Decrypted : ' || utl_raw.cast_to_varchar2(l_decrypted_raw));
END;
/
set serveroutput on

DECLARE
 enc_val   RAW(2000);
 l_key     RAW(2000);
 l_key_len NUMBER := 128/8; -- convert bits to bytes
 l_mod     NUMBER := dbms_crypto.ENCRYPT_AES128+dbms_crypto.CHAIN_CBC+dbms_crypto.PAD_ZERO;
BEGIN
  l_key := dbms_crypto.randombytes(l_key_len);
  enc_val := dbms_crypto.encrypt(utl_i18n.string_to_raw('4114-0113-1518-7114', 'AL32UTF8'), l_mod, l_key);
  dbms_output.put_line(enc_val);
END;
/
set serveroutput on

DECLARE
 enc_val RAW(2000);
 l_key RAW(2000);
 l_key_len NUMBER := 128/8; -- convert bits to bytes
 l_mod NUMBER := dbms_crypto.ENCRYPT_AES128 + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_ZERO;
BEGIN
  l_key := dbms_crypto.randombytes(l_key_len);
  enc_val := dbms_crypto.encrypt(utl_raw.cast_to_raw(CONVERT('Morgan','AL32UTF8')), l_mod, l_key);
  dbms_output.put_line(enc_val);
END;
/
Overload 2 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
Overload 3 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN            CLOB CHARACTER SET ANY_CS,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
GCM Mode

Overload 4		 dbms_crypto.encrypt(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL,
aad IN RAW DEFAULT NULL,
tag OUT RAW);
TBD
GCM Mode

Overload 5		 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT NULL,
tag    OUT        RAW);
TBD
GCM Mode

Overload 6		 dbms_crypto.encrypt(
dst IN OUT NOCOPY BLOB,
src IN            CLOB CHARACTER SET ANY_CS,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT NULL,
tag    OUT        RAW);
TBD
 
ENCRYPT_REUSE (new 23ai)
Encrypt plain text data using stream or block cipher

Overload 1		 dbms_crypto.encrypt_reuse(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW,
iv  IN RAW DEFAULT NULL)
RETURN RAW;
TBD
Overload 2 dbms_crypto.encrypt_reuse(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
Overload 3 dbms_crypto.encrypt_reuse(
dst IN OUT NOCOPY CLOB CHARACTER SET ANY_CS,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL);
TBD
GCM Mode

Overload 4		 dbms_crypto.encrypt_reuse(
src  IN  RAW,
typ  IN  PLS_INTEGER,
key  IN  RAW,
iv   IN  RAW DEFAULT NULL,
aad  IN  RAW DEFAULT NULL,
tag  OUT RAW)
RETURN RAW;
TBD
GCM Mode

Overload 5		 dbms_crypto.encrypt_reuse(
dst IN OUT NOCOPY BLOB,
src IN            BLOB,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT NULL,
tag    OUT        RAW);
TBD
GCM Mode

Overload 6		 dbms_crypto.encrypt_reuse(
dst IN OUT NOCOPY BLOB,
src IN            CLOB CHARACTER SET ANY_CS,
typ IN            PLS_INTEGER,
key IN            RAW,
iv  IN            RAW DEFAULT NULL,
aad IN            RAW DEFAULT NULL,
tag    OUT        RAW);
TBD
 
HASH
Hash source data by cryptographic hash type

Overload 1		 dbms_crypto.hash(
src IN RAW,
typ IN PLS_INTEGER)
RETURN RAW;
set serveroutput on

DECLARE
 l_credit_card_no VARCHAR2(19) := '4114-0113-1518-7114';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_encrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('CC:  ' || l_ccn_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_md4);
  dbms_output.put_line('MD4: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_md5);
  dbms_output.put_line('MD5: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh1);
  dbms_output.put_line('SH1: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh256);
  dbms_output.put_line('SH2-256: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh384);
  dbms_output.put_line('SH2-384: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.hash(l_ccn_raw, dbms_crypto.hash_sh512);
  dbms_output.put_line('SH2-512: ' || l_encrypted_raw);
END;
/
Overload 2 dbms_crypto.hash(
src IN BLOB,
typ IN PLS_INTEGER)
RETURN RAW;
TBD
Overload 3 dbms_crypto.hash(
src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER)
RETURN RAW;
DECLARE
 lRaw  RAW(512);
 lClob CLOB := 'Patient is showing signs of pizza box intolerance: Try an ODA';
BEGIN
  dbms_output.put_line('Source:  ' || SUBSTR(lClob,1,128));

  lRaw := dbms_crypto.hash(lClob, dbms_crypto.hash_sh512);
  dbms_output.put_line('SH2-512: ' || lRaw);
END;
/
Overload 3 dbms_crypto.hash(
src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER)
RETURN RAW;
DECLARE
 lRaw  RAW(512);
 lClob CLOB := 'Patient is showing signs of pizza box intolerance: Try an ODA';
BEGIN
  dbms_output.put_line('Source:  ' || SUBSTR(lClob,1,128));

  lRaw := dbms_crypto.hash(lClob, dbms_crypto.hash_sh512);
  dbms_output.put_line('SH2-512: ' || lRaw);
END;
/
 
HASH_LEN (new 23ai)
Variable length hash source data by cryptographic hash type

Overload 1		 dbms_crypto.hash_len(
src IN RAW,
typ IN PLS_INTEGER,
len IN PLS_INTEGER)
RETURN RAW DETERMINISTIC;
TBD
Overload 2 dbms_crypto.hash_len(
src IN BLOB,
typ IN PLS_INTEGER,
len IN PLS_INTEGER)
RETURN RAW DETERMINISTIC;
TBD
Overload 3 dbms_crypto.hash_len(
src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER,
len IN PLS_INTEGER)
RETURN RAW DETERMINISTIC;
TBD
 
KMACXOF (new 23ai)
Keccak message authentication code algorithms

Overload 1		 dbms_crypto.KmacXof(
src   IN RAW,
type  IN PLS_INTEGER,
key   IN RAW,
len   IN PLS_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto.KmacXof(
src   IN BLOB,
typ   IN PLS_INTEGER,
key   IN RAW,
len   IN PLS_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto.KmacXof(
src   IN CLOB CHARACTER SET ANY_CS,
typ   IN PLS_INTEGER,
key   IN RAW,
len   IN PLS_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
 
MAC
Message Authentication Code algorithms provide keyed message protection

Overload 1		 dbms_crypto.mac(
src IN RAW,
typ IN PLS_INTEGER,
key IN RAW)
RETURN RAW;
set serveroutput on

DECLARE
 l_credit_card_no VARCHAR2(19) := '4114-0113-1518-7114';
 l_ccn_raw RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key     RAW(128) := utl_raw.cast_to_raw('abcdefgh');
 l_encrypted_raw RAW(2048);
BEGIN
  dbms_output.put_line('CC:  ' || l_ccn_raw);
  dbms_output.put_line('Key: ' || l_key);

  l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 1, l_key);
  dbms_output.put_line('MD5: ' || l_encrypted_raw);

  l_encrypted_raw := dbms_crypto.mac(l_ccn_raw, 2, l_key);
  dbms_output.put_line('SH1: ' || l_encrypted_raw);
END;
/
Overload 2 dbms_crypto.mac(
src IN BLOB,
typ IN PLS_INTEGER,
key IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto.mac(
src IN CLOB CHARACTER SET ANY_CS,
typ IN PLS_INTEGER,
key IN RAW)
RETURN RAW;
TBD
 
PKDECRYPT
Decrypts RAW data using a private key assisted with key algorithm and encryption algorithm and returns decrypted data dbms_crypto.pkDecrypt(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
enc_alg    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
PKENCRYPT
Encrypts RAW data using a public key assisted with key algorithm and encryption algorithm and returns encrypted data dbms_crypto.pkEncrypt(
src        IN RAW,
pub_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
enc_alg    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
RANDOMBYTES
Returns a raw value containing a pseudo-random sequence of bytes dbms_crypto.randombytes(number_bytes PLS_INTEGER) RETURN RAW;
SELECT dbms_crypto.randombytes(1);

DBMS_CRYPTO.RANDOMBYTES(1)
--------------------------
16

SELECT LENGTH(dbms_crypto.randombytes(1));

LENGTH(DBMS_CRYPTO.RANDOMBYTES(1))
----------------------------------
                                 2

SELECT dbms_crypto.randombytes(28);
SELECT LENGTH(dbms_crypto.randombytes(28));

SELECT dbms_crypto.randombytes(64);
SELECT LENGTH(dbms_crypto.randombytes(64));
 
RANDOMINTEGER
Returns a random BINARY_INTEGER dbms_crypto.randominteger RETURN BINARY_INTEGER;
SELECT dbms_crypto.randominteger;

RANDOMINTEGER
-------------
-1.523E+09

col randominteger format 9999999999

SELECT dbms_crypto.randominteger;

RANDOMINTEGER
-------------
1519538209
 
RANDOMNUMBER
Returns a random Oracle Number dbms_crypto.randomnumber RETURN NUMBER;
SELECT dbms_crypto.randomnumber;

RANDOMNUMBER
------------
3.1756E+38

col randomnumber format 9999999999999999999999999999999999999999

SELECT dbms_crypto.randomnumber;

RANDOMNUMBER
-----------------------------------------
  190581725488630653302559417548981105144
 
SIGN
Signs RAW data using a private key assisted with key algorithm and sign algorithm, and returns a signature dbms_crypto.sign(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN RAW;
TBD
 
VERIFY
Verifies RAW data using the signature, public key assisted with key algorithm, and sign algorithm. It returns TRUE if the signature was verified dbms_crypto.verify(
src        IN RAW,
sign       IN RAW,
pub_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD

Related Topics
Built-in Functions
Built-in Packages
Security
DBMS_CRYPTO_FFI
DBMS_CRYPTO_INTERNAL
DBMS_RANDOM
DBMS_SQLHASH
Label Security
Net Services
Oracle IDentity (OID)
Transparent Data Encryption (TDE)
UTL_I18N
UTL_RAW
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved