For basic encryption purposes, base 64 encoding can be used. In fact its so basic that it would probably be incorrect to call it encryption. Its more encoding, basically preventing the subject text from appearing in plain text.
For example, if in some tool, all the parameters are stored in repository tables, and therefore, its not very nice if the passwords are stored there in plain text. They should at least be made illegible, so that they dont appear in plain text and there is some effort spent in decoding it.
Base64 encoding is an industry standard and almost all programming languages, development toolkits provide plugins for this. For Oracle, there are pre-existing packages providing the functionality.
We can use base 64 encoding on oracle side using Oracle supplied package UTL_ENCODE
. On the perl side, we could use cpan package MIME:Base64
The idea is that, such sensitive data to be entered by customers, in encoded format. So, we also dont see the plain text version. And then the program uses the encoded version, right to the point before actual data needs to be used.
For achieving this, following way of working can be used :
1. On Oracle side, the sensitive data is encoded using a program call equivalent to the following will return an encoded/decoded string for a given input string.
FUNCTION fnc_encrypt(lv_str IN VARCHAR2)
FUNCTION fnc_decrypt(lv_str IN VARCHAR2)
Its a design decision whether to put this code in a procedure/package somewhere.
2. On the other end of the processing chain, reverse operation would have to be performed. For example, in Perl, the implementation relies on the cpan package MIME:Base64
use MIME::Base64 ();
and then use the decode/encode function as per the need...