Oracle® OLAP DML Reference
10g Release 1 (10.1)

Part Number B10339-02
OBSCURE

The OBSCURE function provides two mechanisms for encrypting a single-line text expression. Depending on the mechanism you use, OBSCURE can also restore the encrypted value to its original form.

Return Value

TEXT


Note:

The return value of the OBSCURE function always has a text data type. However, unless you specify the TEXT keyword, the actual value returned by OBSCURE(HASH) and OBSCURE(HIDE) is binary. When you want to be able to manage these encrypted values as text (for example, when you want to be able to store them in a text file), you must specify the TEXT keyword. See Example 19-13, "Generating Text Data".

Syntax

OBSCURE({HASH|HIDE|UNHIDE} [TEXT] seed-exp input-exp)

Arguments

HASH

Specifies that Oracle OLAP encrypts the input text expression according to the seed expression that you specify. With the HASH keyword:

  • Encrypted values cannot be restored to their original form.

  • The same seed expression and input text always produce the same result.

A typical application would be a local password validation scheme. You can use OBSCURE with the HASH keyword to encrypt passwords, store them, and then validate the passwords presented by users against the stored encrypted values. See Example 19-11, "Using HASH".

HIDE

Specifies that Oracle OLAP encrypts the input text expression according to the seed expression that you specify. With the HIDE keyword:

  • Encrypted values can be restored to their original form with UNHIDE.

  • The same seed expression and input text always produce different results.

The HIDE keyword provides a mechanism for storing values in encrypted form while actually comparing their unencrypted values. A typical application would be a remote password validation scheme. You could use OBSCURE with the HIDE keyword to store passwords in encrypted form on a local system. You could then pass them in encrypted form to a remote system for validation against unencrypted criteria on the host. See Example 19-12, "Using HIDE".

UNHIDE

When specified with the original seed expression, restores values encrypted with the HIDE keyword to their original form. See "Restoring Text".

TEXT

The TEXT keyword causes OBSCURE to convert binary data to text, such that the return value consists only of text data. When you do not specify the TEXT keyword, the output of OBSCURE is binary data. See "Restoring Text", and "Generating Text Data".

seed-exp

A single-line text expression that is used as a seed value in the encryption of the input text expression.

input-exp

A single-line text expression to be encrypted or restored by OBSCURE.

Notes


Restoring Text

When you have used OBSCURE(HIDE) with the TEXT keyword to encrypt a text expression, you must also specify the TEXT keyword with OBSCURE(UNHIDE) to restore the encrypted expression to its original form.


OBSCURE and C2 Security

The OBSCURE function does not conform to the C2 security level specified by the Department of Defense.


Case Sensitivity

Both the seed expression and the text expression that you provide as input to OBSCURE are case-sensitive.

Examples

Example 19-11 Using HASH

The following example shows how you could use the HASH keyword to store a password in encrypted form in the variable first_user. When a new user attempts to log in, his password is encrypted with the HASH keyword and compared to the value stored in first_user. When the values are the same, the program validate_user, which allows the new user to log in, is invoked.

passvar = 'JoeSmith'
first_user = OBSCURE(HASH 'xyz' passvar)
 ...
"Run a login procedure that assigns a password
"presented by a user to the variable NEW_USER
"and checks it against the stored encrypted value
 ...
IF OBSCURE(HASH 'xyz' new_user) EQ first_user
   THEN validate_user
   ELSE deny_access
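
The validation scheme of Example 19-11, modelled in Python as an added example (not Oracle's code): it shows what "the same seed expression and input text always produce the same result" means for a password store that uses one seed for every user, next to a store with a seed per user. PBKDF2 stands in for OBSCURE(HASH), whose algorithm this page does not describe; the helper names, account names and passwords are constructed.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 100_000  # constructed work factor for the stand-in function


def seeded_hash(seed, text):
    """Stand-in for OBSCURE(HASH seed text): one-way, same inputs give same output.
    PBKDF2 is an assumption; the page does not name OBSCURE's algorithm."""
    return hashlib.pbkdf2_hmac("sha256", text.encode(), seed.encode(), ITERATIONS)


def enroll(store, user, password, seed=None):
    """Store (seed, hash). With no seed given, draw a random per-user seed."""
    seed = seed if seed is not None else secrets.token_hex(16)
    store[user] = (seed, seeded_hash(seed, password))


def validate(store, user, presented):
    """Re-hash the presented password with the stored seed; constant-time compare."""
    if user not in store:
        return False
    seed, stored = store[user]
    return hmac.compare_digest(seeded_hash(seed, presented), stored)


def users_sharing_a_value(store):
    """Groups of users whose stored values are byte-for-byte identical."""
    groups = defaultdict(list)
    for user, (_, value) in store.items():
        groups[value].append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


# Constructed sample accounts: two users happen to choose the same password.
ACCOUNTS = [("joe", "JoeSmith"), ("ann", "JoeSmith"), ("bob", "Tr1ckier")]

fixed_seed_store, per_user_store = {}, {}
for name, pw in ACCOUNTS:
    enroll(fixed_seed_store, name, pw, seed="xyz")  # one seed for all users
    enroll(per_user_store, name, pw)                # random seed per user

if __name__ == "__main__":
    print(users_sharing_a_value(fixed_seed_store))      # [['ann', 'joe']]
    print(users_sharing_a_value(per_user_store))        # []
    print(validate(per_user_store, "joe", "joesmith"))  # False: case-sensitive
```

With a single shared seed, anyone who can read the stored values can tell which users have the same password; storing a distinct seed beside each value removes that signal while validation works the same way.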

Example 19-12 Using HIDE

You can encrypt the name JSmith with the seed expression 'abc' and restore it to its original form, using the following statements.

DEFINE pswobsc VARIABLE TEXT
pswobsc = OBSCURE(HIDE 'abc' 'JSmith')
SHOW OBSCURE(UNHIDE 'abc' pswobsc)

This SHOW statement generates the following output.

jsmith

Example 19-13 Generating Text Data

The following statements illustrate the use of the TEXT keyword.

DEFINE encrypted_text VARIABLE TEXT
DEFINE unencrypted_text VARIABLE TEXT
 
unencrypted_text = 'max'
encrypted_text = OBSCURE(HIDE TEXT 'XXXX' unencrypted_text)
SHOW encrypted_text

This SHOW statement generates the following output.

c5WF/XfABuY

The same statements without the TEXT keyword would produce binary output from the SHOW statement.