Oracle User Defined Functions and APIs on

General UDFs

Mon, 01 Jan 0001 00:00:00 +0000

This section includes the general UDFs that can be used to retrieve the Oracle Protector version and the current user.

pty.whoami

The UDF returns the name of the user who is currently logged in to the database.

Signature:

pty.whoami()

Parameters:
None

Returns:
This UDF returns the name of the user as the VARCHAR2 string.

Exception:
None

Example:

select pty.whoami() ”Test of WhoAmI” from dual;
Test of WhoAmI
---
USER1

pty.getversion

This UDF returns the version of the protector.

Access Check Procedures

Mon, 01 Jan 0001 00:00:00 +0000

The procedures listed here check whether the user is granted access permissions to the data element. The procedures will pass if the user has access. Otherwise, it casts an exception with the reason for failure.

The permissions for protect, unprotect, and reprotect are defined based on the roles assigned to the user. For more information about how to grant these permissions and assign roles, refer to Policy Management.

pty.ins_check

This procedure determines if the user has insert(protect) access to the data element.

Insert Encryption UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs encrypt the data.

Note: The permissions for protect, unprotect, and reprotect are defined based on the roles assigned to the user. For more information about how to grant these permissions and assign roles, refer to Policy Management.

pty.ins_encrypt

This UDF encrypts data with a data element for encryption.

Signature:

pty.ins_encrypt (dataelement CHAR, inval CHAR, scid BINARY_INTEGER)

Parameters:

Name	Type	Description
`dataelement`	CHAR	Specifies the name of the data element.
`inval`	CHAR	Specifies the input data.
`scid`	BINARY_INTEGER	Specifies the security co-ordinate ID. Set the value of the parameter to zero. Note: This parameter is no longer used and is retained for compatibility purposes only.

Returns:
This UDF returns the encrypted value as RAW data.

Insert No-Encryption, Token, and FPE UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs are used with Tokenization, Format Preserving Encryption (FPE) and, No Encryption data elements.

pty.ins_char

This UDF protects the CHAR data with tokenization and No Encryption data elements.

Note: This UDF supports masking.

Signature:

pty.ins_char (dataelement CHAR, inval CHAR, scid BINARY_INTEGER)

Parameters:

Name	Type	Description
`dataelement`	CHAR	Specifies the name of the data element.
`inval`	CHAR	Specifies the input data.
`scid`	BINARY_INTEGER	Specifies the security co-ordinate ID. Set the value of the parameter to zero. Note: This parameter is no longer used and is retained for compatibility purposes only.

Returns:
This UDF returns the protected value as the CHAR data type.

Multiple Insert Encryption Procedures

Mon, 01 Jan 0001 00:00:00 +0000

These procedures encrypt one to four values of data with one procedure call. The user must be granted Protect access for the data element that will be used to execute these procedures. You can use the ins_check procedure to check whether the user has Protect access.

Note: These UDFs are marked for deprecation and will be removed from the future releases. Protegrity recommends to use the standard Insert or Protect UDFs.

Select Decryption UDFs

Mon, 01 Jan 0001 00:00:00 +0000

The UDFs in this section decrypt the encrypted data. Unprotect access is required to use these procedures.

pty.sel_decrypt

This UDF decrypts the RAW data with an encryption data element.

Signature:

pty.sel_decrypt(dataelement CHAR, inval RAW, scid BINARY_INTEGER)

Parameters:

Name	Type	Description
`dataelement`	CHAR	Specifies the name of the data element.
`inval`	RAW	Specifies the input data.
`scid`	BINARY_INTEGER	Specifies the security co-ordinate ID. Set the value of the parameter to zero. Note: This parameter is no longer used and is retained for compatibility purposes only.

Returns:

Select No-Encryption, Token, and FPE UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs unprotect the protected data. Unprotect access is required to use these UDFs.

pty.sel_char

This UDF unprotects the CHAR data with tokenization and No Encryption data elements.

Note: This UDF supports masking.

Signature:

pty.sel_char(dataelement CHAR, inval CHAR, scid BINARY_INTEGER)

Parameters:

Name	Type	Description
`dataelement`	CHAR	Specifies the name of the data element.
`inval`	CHAR	Specifies the input data.
`scid`	BINARY_INTEGER	Specifies the security co-ordinate ID. Set the value of the parameter to zero. Note: This parameter is no longer used and is retained for compatibility purposes only.

Returns:

Update Encryption UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs update the data. Protect access is required to use these functions.

Note: These UDFs are marked for deprecation and will be removed from the future releases. Protegrity recommends to use the standard Insert or Protect UDFs.

pty.encUpdate

This procedure updates and encrypts one value of the VARCHAR2 data with one data element for encryption.

Signature:

pty.encUpdate(dataelement VARCHAR2, cdata VARCHAR2, rdata RAW, scid INTEGER)

Parameters:

Name	Type	Description
`dataelement`	VARCHAR2	Specifies the name of the data element.
`cdata`	VARCHAR2	Specifies the input data.
`rdata`	RAW	Specifies the encrypted output data.
`scid`	INTEGER	Specifies the security co-ordinate ID. Set the value of the parameter to zero. Note: This parameter is no longer used and is retained for compatibility purposes only.

Returns:
This UDF returns the encrypted value as RAW data.

Update No-Encryption, Token, and FPE UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs are used to update the data for tokenization and Format Preserving Encryption (FPE). The user must have Protect access to use these procedures.

Note: For reprotect operations, the Audit logs are generated as Protect Logs instead of Reprotect Logs.

Note: These UDFs are marked for deprecation and will be removed from the future releases. Protegrity recommends to use the standard Insert or Protect UDFs.

pty.upd_char

This UDF re-protects the CHAR data with tokenization and No Encryption data elements.

Multiple Update Encryption Procedures

Mon, 01 Jan 0001 00:00:00 +0000

These procedures encrypt one to four values of data with one procedure call. The user must be granted Protect access for the data element that will be used to execute these procedures. You can use the upd_check procedure to check whether the user has Protect access.

Note: These UDFs are marked for deprecation and will be removed from the future releases. Protegrity recommends to use the standard Insert or Protect UDFs.

Hash UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs protect the data as a hash value.

pty.ins_hash_varchar2

This UDF uses the hash function to protect the VARCHAR data with a data element for hashing to return a protected value.

Signature:

pty.ins_hash_varchar2(dataelement CHAR, cdata VARCHAR2, scid BINARY_INTEGER)

Parameters:

Name	Type	Description
`dataelement`	CHAR	Specifies the name of the data element.
`cdata`	VARCHAR2	Specifies the input data.
`scid`	BINARY_INTEGER	Specifies the security co-ordinate ID. Set the value of the parameter to zero. Note: This parameter is no longer used and is retained for compatibility purposes only.

Returns:

Blob UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs can be used to encrypt and decrypt the data stored in the BLOB data type.

pty.ins_encrypt_blob

This function is used to encrypt the data stored in a BLOB with an encryption data element.

Signature:

pty.ins_encrypt_blob(dataelement CHAR, input_data BLOB , scid INTEGER)

Parameters:

Name	Type	Description
`dataelement`	CHAR	Specifies the name of the data element.
`input_data`	BLOB	Specifies the input data.
`scid`	BINARY_INTEGER	Specifies the security co-ordinate ID. Set the value of the parameter to zero. Note: This parameter is no longer used and is retained for compatibility purposes only.

Returns:
This UDF returns the encrypted value as the BLOB data. > Note: If you perform a protect operation with the input data as null or empty, then the output will be an empty_blob.

Clob UDFs

Mon, 01 Jan 0001 00:00:00 +0000

These UDFs can be used to encrypt and decrypt the data stored in the CLOB data type.

pty.ins_encrypt_clob

This function is used to encrypt the data stored in a CLOB with an encryption data element.

Signature:

pty.ins_encrypt_clob(dataelement CHAR, input_data CLOB, scid INTEGER)

CAUTION: Ensure that the input data stored in the CLOB data type does not contain multibyte characters. If you pass data containing multibyte characters to the CLOB UDF, then an unexpected behaviour is observed.
For example: An error 'ORA-28579: network error during callback from external procedure agent' is returned or the input data is corrupted. For more information about CLOB data type, refer to the Oracle Help Center.

Bulk UDFs

Mon, 01 Jan 0001 00:00:00 +0000

Bulk User-Defined Functions (UDFs) in Oracle are designed to process multiple rows in a single call, rather than operating on one row at a time like scalar UDFs. They are typically used for batch operations such as tokenization, encryption, or transformation of large datasets. In Oracle v10.0.0, bulk UDFs are implemented to improve efficiency when working with large tables or columns containing sensitive data.

The features of the bulk UDFs are listed below.

Oracle Input Datatype to UDF Mapping

Mon, 01 Jan 0001 00:00:00 +0000

This section provides tables with the Oracle input data type to the appropriate UDF mapping. It also provides the data element information that must be considered when creating a policy.

CAUTION: Starting from version 10.0.0, the 3DES, CUSP 3DES, and HMAC-SHA1 protection methods have been deprecated based on NIST recommendations around weak ciphers. It is recommended to use the following protection methods instead of the deprecated methods:

Deprecated Protection Methods	Recommended Protection Methods
3DES	AES-128 and AES-256
CUSP 3DES	CUSP AES-128 and CUSP AES-256
HMAC-SHA1	HMAC-SHA256

For assistance in switching to a different protection method, contact Protegrity.