Oracle DBMS_CRYPTO_FFI
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai is now availble. If you haven't you downloaded already: Why?
Purpose Undocumented supporting package for the DBMS_CRYPTO API.
AUTHID DEFINER
Constants There are clearly constants in the package and for purposes of HASH and MAC appear to correspond with the constants defined the DBMS_CRYPTO package. Using that same logic, however, fails to produce a successful outcome withe the COOKIE and ENCRYPT functions.
Dependencies
CRYPTO_TOOLKIT_LIBRARY DBMS_CRYPTO  
Documented No
Exceptions
Error Code Reason
ORA-28827 An invalid cipher type was passed to a PL/SQL function or procedure.
First Available 12.1
Security Model Owned by SYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtobtk.plb
Subprograms
DECRYPT ENCRYPT_REUSE PKDECRYPT
DECRYPT_REUSE HASH PKENCRYPT
ECDHDERIVE_SHAREDSECRET HASH_LEN RANDOM
ECDH_GENKEYPAIR KMACXOF SIGN
ENCRYPT MAC VERIFY
 
DECRYPT (3 new 23ai overloads)
Undocumented decryption

Overload 1		 dbms_crypto_ffi.decrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.decrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.decrypt(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.decrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW,
aad IN RAW,
tag IN RAW)
RETURN RAW;
TBD
Overload 5 dbms_crypto_ffi.decrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
Overload 6 dbms_crypto_ffi.decrypt(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
 
DECRYPT_REUSE (new 23ai)
Undocumented

Overload 1		 dbms_crypto_ffi.decrypt_reuse(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.decrypt_reuse(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW,
aad IN RAW,
tag IN RAW)
RETURN RAW;
TBD
Overload 5 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
Overload 6 dbms_crypto_ffi.decrypt_reuse(
dst IN OUT CLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag IN     RAW);
TBD
 
ECDHDERIVE_SHAREDSECRET (new 23ai)
Undocumented dbms_crypto_ecdhderive_sharedsecret(
curveid IN BINARY_INTEGER,
peerpubkey   IN  RAW,
privkey      IN  RAW,
sharedsecret OUT RAW);
TBD
 
ECDH_GENKEYPAIR (new 23ai)
Undocumented dbms_crypto_ecdhderive_sharedsecret(
curveid IN BINARY_INTEGER,
pubkey  OUT RAW,
privkey OUT RAW);
DECLARE
 ppkOut   RAW(2048);
 privkOut RAW(2048);
BEGIN
  dbms_crypto_ffi.ecdh_genKeyPair(42, ppkOut, privkOut);
  dbms_output.put_line(ppkOut);
  dbms_output.put_line(privkOut);
END;
/
*
ORA-28827: An invalid cipher type was passed to a PL/SQL function or procedure.
 
ENCRYPT (3 new 23ai overloads)
Undocumented encryption

Overload 1		 dbms_crypto_ffi.encrypt(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.encrypt(
dat IN  RAW,
typ IN  BINARY_INTEGER,
key IN  RAW,
iv  IN  RAW,
aad IN  RAW,
tag OUT RAW)
RETURN  RAW;
TBD
Overload 5 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag OUT    RAW);
TBD
Overload 6 dbms_crypto_ffi.encrypt(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag OUT    RAW);
TBD
 
ENCRYPT_REUSE (new 23ai)
Undocumented

Overload 1		 dbms_crypto_ffi.encrypt_reuse(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW,
iv  IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.encrypt_reuse(
dst  IN OUT BLOB,
srcIN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 3 dbms_crypto_ffi.encrypt_reuse(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW);
TBD
Overload 4 dbms_crypto_ffi.encrypt_reuse(
dat IN  RAW,
typ IN  BINARY_INTEGER,
key IN  RAW,
iv  IN  RAW,
aad IN  RAW,
tag OUT RAW)
RETURN RAW;
TBD
Overload 5 dbms_crypto_ffi.encrypt_reuse(
dst IN OUT BLOB,
src IN     BLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag    OUT RAW);
TBD
Overload 6 dbms_crypto_ffi.encrypt_reuse(
dst IN OUT BLOB,
src IN     CLOB,
typ IN     BINARY_INTEGER,
key IN     RAW,
iv  IN     RAW,
aad IN     RAW,
tag    OUT RAW);
TBD
 
HASH
Appears to output a hash based on the raw value provided

Testing has demonstrated that valid values for "typ" are 1 through 6

Overload 1		 dbms_crypto_ffi.hash(
dat IN RAW,
typ IN BINARY_INTEGER)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
BEGIN
  FOR i IN 1 .. 6 LOOP
    rOut := dbms_crypto_ffi.hash(l_ccn_raw, i);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.hash(
dat IN BLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.hash(
dat IN CLOB,
typ IN BINARY_INTEGER)
RETURN RAW;
TBD
 
HASH_LEN (new 23ai)
Undocumented

Overload 1		 dbms_crypto_ffi.hash_len(
dat IN RAW,
typ IN BINARY_INTEGER,
len IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.hash_len(
dat IN BLOB,
typ IN BINARY_INTEGER,
len IN BINARY_INTEGER)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.hash_len(
dat IN CLOB,
typ IN BINARY_INTEGER,
len IN BINARY_INTEGER)
RETURN RAW;
TBD
 
(new 23ai)KMACXOF
Undocumented

Overload 1		 dbms_crypto_ffi.kmacxof(
dat   IN RAW,
typ   IN BINARY_INTEGER,
key   IN RAW,
len   IN BINARY_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
Overload 2 dbms_crypto_ffi.kmacxof(
dat   IN BLOB,
typ   IN BINARY_INTEGER,
key   IN RAW,
len   IN BINARY_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.kmacxof(
dat   IN CLOB,
typ   IN BINARY_INTEGER,
key   IN RAW,
len   IN BINARY_INTEGER,
custr IN RAW)
RETURN RAW;
TBD
 
MAC
Appears to output a Message Authentication Code algorithms provide key (mac)

Testing has demonstrated that valid values for "typ" are 1 through 5

Overload 1		 dbms_crypto_ffi.mac(
dat IN RAW,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
DECLARE
 rOut             RAW(32767);
 l_credit_card_no VARCHAR2(19) := '1612-1791-1809-2605';
 l_ccn_raw        RAW(128) := utl_raw.cast_to_raw(l_credit_card_no);
 l_key            RAW(128) := utl_raw.cast_to_raw('abcdefgh');
BEGIN
  FOR i IN 1 .. 5 LOOP
    rOut := dbms_crypto_ffi.mac(l_ccn_raw, i, l_key);
    dbms_output.put_line(TO_CHAR(i) || ': ' || rOut);
  END LOOP;
END;
/
Overload 2 dbms_crypto_ffi.mac(
dat IN BLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
Overload 3 dbms_crypto_ffi.mac(
dat IN CLOB,
typ IN BINARY_INTEGER,
key IN RAW)
RETURN RAW;
TBD
 
PKDECRYPT
Decrypts RAW data using a private key assisted with key algorithm and encryption algorithm and returns decrypted data dbms_crypto_ffi.pkDecrypt(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
enc_alg    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
PKENCRYPT
Encrypts RAW data using a public key assisted with key algorithm and encryption algorithm and returns encrypted data dbms_crypto_ffi.pkEncrypt(
src        IN RAW,
PUB_key    IN RAW,
PUBkey_ALG IN BINARY_INTEGER,
ENC_ALG    IN BINARY_INTEGER)
RETURN RAW;
TBD
 
RANDOM
Returns a random raw value based on a numeric input which is probably used as a seed dbms_crypto_ffi.random(num IN BINARY_INTEGER) RETURN RAW;
SELECT dbms_crypto_ffi.random(42);

DBMS_CRYPTO_FFI.RANDOM(42)
-------------------------------------------------------------------------------------
B2F7BB164058D7D40FA5AA9D183FDE74FD91BFA9B31BB48730EF33F67AC20CBFC8EAAD6E8AF06FA58E59
 
SIGN
Signs RAW data using a private key assisted with key algorithm and sign algorithm, and returns a signature dbms_crypto_ffi.sign(
src        IN RAW,
prv_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN RAW;
TBD
 
VERIFY
Verifies RAW data using the signature, public key assisted with key algorithm, and sign algorithm. It returns TRUE if the signature was verified dbms_crypto_ffi.verify(
src        IN RAW,
sign       IN RAW,
pub_key    IN RAW,
pubkey_alg IN BINARY_INTEGER,
sign_alg   IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD

Related Topics
Built-in Functions
Built-in Packages
Security
DBMS_CRYPTO
DBMS_CRYPTO_INTERNAL
DBMS_RANDOM
DBMS_SQLHASH
Transparent Data Encryption (TDE)
UTL_I18N
UTL_RAW
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved