Oracle DBMS_CRYPTO_FFI
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai will be available on generic Linux platforms in January and soon on AIX and Windows
Purpose Undocumented supporting package for the DBMS_CRYPTO API.
AUTHID DEFINER
Constants There are clearly constants in the package and for purposes of HASH and MAC appear to correspond with the constants defined the DBMS_CRYPTO package. Using that same logic, however, fails to produce a successful outcome withe the COOKIE and ENCRYPT functions.
Dependencies
CRYPTO_TOOLKIT_LIBRARY DBMS_CRYPTO  
Documented No
Exceptions
Error Code Reason
ORA-28827 An invalid cipher type was passed to a PL/SQL function or procedure.
First Available 12.1
Security Model Owned by SYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtobtk.plb
Subprograms
DECRYPT ENCRYPT_REUSE PKDECRYPT
DECRYPT_REUSE HASH PKENCRYPT
ECDHDERIVE_SHAREDSECRET HASH_LEN RANDOM
ECDH_GENKEYPAIR KMACXOF SIGN
ENCRYPT MAC VERIFY
 
DECRYPT (3 new 23ai overloads)
Undocumented decryption

Overload 1		 dbms_crypto_ffi.decrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.decrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.decrypt(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.decrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW,
aad IN RAW,
tag IN RAW)
RETURN RAW;
TBD
Overload 5 dbms_crypto_ffi.decrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
Overload 6 dbms_crypto_ffi.decrypt(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
 
DECRYPT_REUSE (new 23ai)
Undocumented

Overload 1		 dbms_crypto_ffi.decrypt_reuse(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.decrypt_reuse(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW,
aad IN RAW,
tag IN RAW)
RETURN RAW;
TBD
Overload 5 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
Overload 6 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
 
ECDHDERIVE_SHAREDSECRET (new 23ai)
Undocumented dbms_crypto_ecdhderive_sharedsecret(
curveid IN BINARY_INTEGER,
peerpubkey   IN  RAW,
privkey      IN  RAW,
sharedsecret OUT RAW);
TBD
 
ECDH_GENKEYPAIR (new 23ai)
Undocumented dbms_crypto_ecdhderive_sharedsecret(
curveid IN BINARY_INTEGER,
pubkey  OUT RAW,
privkey OUT RAW);
DECLARE
 ppkOut   RAW(2048);
 privkOut RAW(2048);
BEGIN
  dbms_crypto_ffi.ecdh_genKeyPair(42, ppkOut, privkOut);
  dbms_output.put_line(ppkOut);
  dbms_output.put_line(privkOut);
END;
/
*
ORA-28827: An invalid cipher type was passed to a PL/SQL function or procedure.
 
ENCRYPT (3 new 23ai overloads)
Undocumented encryption

Overload 1		 dbms_crypto_ffi.encrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.encrypt(
dat IN  RAW,
typ IN  BINARY_INTEGER,
key IN  RAW,
iv  IN  RAW,
aad IN  RAW,
tag OUT RAW)
RETURN  RAW;
TBD
Overload 5 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag OUT    RAW);
TBD
Overload 6 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag OUT    RAW);
TBD
 
ENCRYPT_REUSE (new 23ai)
Undocumented

Overload 1		 dbms_crypto_ffi.encrypt_reuse(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.encrypt_reuse(
dst  IN OUT BLOB,
srcIN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.encrypt_reuse(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.encrypt_reuse(
dat IN  RAW,
typ IN  BINARY_INTEGER,
key IN  RAW,
iv  IN  RAW,
aad IN  RAW,
tag OUT RAW)
RETURN RAW;
TBD
Overload 5 dbms_crypto_ffi.encrypt_reuse(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag    OUT RAW);
TBD
Overload 6 dbms_crypto_ffi.encrypt_reuse(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag    OUT RAW);
TBD
 
HASH
Appears to output a hash based on the raw value provided

Testing has demonstrated that valid values for "typ" are 1 through 6

Overload 1		 dbms_crypto_ffi.hash(
dat IN RAW,
typ IN BINARY_INTEGER)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
BEGIN
  FOR i IN 1 .. 6 LOOP
    rOut := dbms_crypto_ffi.hash(l_ccn_raw, i);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.hash(
dat IN BLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.hash(
dat IN CLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
 
HASH_LEN (new 23ai)
Undocumented

Overload 1		 dbms_crypto_ffi.hash_len(
dat IN RAW,
typ IN BINARY_INTEGER,
len IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.hash_len(
dat IN BLOB,
typ IN BINARY_INTEGER,
len IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.hash_len(
dat IN CLOB,
typ IN BINARY_INTEGER,
len IN BINARY_INTEGER)
RETURN RAW;
TBD
 
(new 23ai)KMACXOF
Undocumented

Overload 1		 dbms_crypto_ffi.kmacxof(
dat   IN RAW,
typ   IN BINARY_INTEGER,
key   IN RAW,
len   IN BINARY_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.kmacxof(
dat   IN BLOB,
typ   IN BINARY_INTEGER,
key   IN RAW,
len   IN BINARY_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.kmacxof(
dat   IN CLOB,
typ   IN BINARY_INTEGER,
key   IN RAW,
len   IN BINARY_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
 
MAC
Appears to output a Message Authentication Code algorithms provide key (mac)

Testing has demonstrated that valid values for "typ" are 1 through 5

Overload 1		 dbms_crypto_ffi.mac(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key            RAW(128) := utl_raw.cast_to_raw('abcdefgh');
BEGIN
  FOR i IN 1 .. 5 LOOP
    rOut := dbms_crypto_ffi.mac(l_ccn_raw, i, l_key);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.mac(
dat IN BLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.mac(
dat IN CLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
 
PKDECRYPT
Decrypts RAW data using a private key assisted with key algorithm and encryption algorithm and returns decrypted data dbms_crypto_ffi.pkDecrypt(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
enc_alg    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
PKENCRYPT
Encrypts RAW data using a public key assisted with key algorithm and encryption algorithm and returns encrypted data dbms_crypto_ffi.pkEncrypt(
src        IN RAW,
PUB_key    IN RAW,
PUBkey_ALG IN BINARY_INTEGER,
ENC_ALG    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
RANDOM
Returns a random raw value based on a numeric input which is probably used as a seed dbms_crypto_ffi.random(num IN BINARY_INTEGER) RETURN RAW;
SELECT dbms_crypto_ffi.random(42);

DBMS_CRYPTO_FFI.RANDOM(42)
-------------------------------------------------------------------------------------
B2F7BB164058D7D40FA5AA9D183FDE74FD91BFA9B31BB48730EF33F67AC20CBFC8EAAD6E8AF06FA58E59
 
SIGN
Signs RAW data using a private key assisted with key algorithm and sign algorithm, and returns a signature dbms_crypto_ffi.sign(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN RAW;
TBD
 
VERIFY
Verifies RAW data using the signature, public key assisted with key algorithm, and sign algorithm. It returns TRUE if the signature was verified dbms_crypto_ffi.verify(
src        IN RAW,
sign       IN RAW,
pub_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD

Related Topics
Built-in Functions
Built-in Packages
Security
DBMS_CRYPTO
DBMS_CRYPTO_INTERNAL
DBMS_RANDOM
DBMS_SQLHASH
Transparent Data Encryption (TDE)
UTL_I18N
UTL_RAW
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved