DBMS_CRYPTO package is missing

Sanja picture Sanja · Jan 15, 2016 · Viewed 17.8k times · Source

I am using Oracle Database 11g Enterprise Edition Release 11.2.00.40 - 64bit Production. We have a initial admin user which will be created in a database by inserting into a table during the installation. This action requires to encrypt password using SH1 protocol. Acording to Oracle documentation I should be able to use DBMS_CRYPTO package which comes with Enterprise Edition of database. However I am not able to see it. Instead of DBMS_CRYPTO I can see DBMS_CRYPTO_TOOLKIT package. This package is not so well documented but I was able to find that it comes with Oracle 12c and that even confused me more.

Should I install DBMS_CRYPTO package aditionally or to use DBMS_CRYPTO_TOOLKIT package? Is there anybody who can explain how to encrypt pass with DBMS_CRYPTO_TOOLKIT package? I dont have SYS access to database, so I am wondering if there is a way to generate SH1 passwords without using DBMS_CRYPTO that is simple enough? In other words is it worth to install it?

Answer

Codo picture Codo · Jan 15, 2016

The Oracle documentation says:

Security Model

Oracle Database installs this package in the SYS schema. You can then grant package access to existing users and roles as needed.

Ask your system administration to grant access to it:

GRANT EXECUTE ON SYS.DBMS_CRYPTO TO USERXY;

Or even:

GRANT EXECUTE ON SYS.DBMS_CRYPTO TO PUBLIC;

I don't understand what Oracle tries to achieve by not making this package public. I don't see any harm that you can do by using it.