Oracle JDBC connection encryption

Instant JChem supports opening encrypted connections to your Oracle database. The connection encryption settings are available in the schema settings dialog, which is accessible by right-clicking the schema in Projects Window and selecting "Schema Settings..." as seen in the screenshot below.

images/download/attachments/1805769/image2015-4-14_16_51_36.png

There are three encryption algorithms available ( RC4 128bit, 3DES 168bit and AES 256bit ) in IJC for encrypting connections to an Oracle database. In order to use any of them your Oracle database has to be set up to accept connections encrypted by the selected algorithm.

images/download/attachments/1805769/encryption.png

The database connection settings with the encryption algorithm can also be found in schema editor:

images/download/attachments/1805769/encryption_schema_editor.JPG

RC4 128bit:

In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS).

3DES 168bit:

Oracle Advanced Security supports Triple-DES encryption (3DES), which encrypts message data with three passes of the DES algorithm. 3DES provides a high degree of message security, but with a performance penalty. The magnitude of the performance penalty depends on the speed of the processor performing the encryption. 3DES typically takes three times as long to encrypt a data block when compared to the standard DES algorithm.

AES 256bit:

AES 256 bit is a standardised algorithm used to encrypt the data. This is a symmetric block cipher encrypting and deciphering the same key data divided into blocks of fixed length. Norma replaced the previously used DES encryption. This algorithm is supported from Oracle 11g Release 2.

MD5 is used for calculating checksums.

Measurements

The measurements of performance penalties is transparently displayed on the following tables:

Algorithm

local/0.79 GHz [ms]

local/2.7 GHz [ms]

local/3.18 GHz [ms]

remote/3.18 GHz [ms]

without encryption

553,4

462,5

444,3

11881,9

RC4 128bit

585,3

467,7

452,3

12613,2

3DES 168bit

143,4

577

550,5

12130,5

AES 256bit

730

479,8

468,4

12175,2

  • local: Oracle server running in local network

  • remote: running on Amazon server

  • GHz: procesor frequency of client device

Oracle database setup

The encryption algorithms have to be set up on your Oracle server before you can open encrypted connections from IJC. The encryption settings are located in sqlnet.ora file. The example below shows a snippet of this file with the settings that turn on all RC4_128, 3DES168 and AES256 encryption algorithms and MD5 for the checksum:

SQLNET.ENCRYPTION_SERVER = ACCEPTED
SQLNET.CRYPTO_CHECKSUM_SERVER = ACCEPTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_128, 3DES168, AES256)
SQLNET.CRYPTO_SEED = 12345678901234567890

Please see more detailed information in Oracle documentation here.

Verification of Encryption

The connection encryption should ideally be verified with a packet sniffer (e.g. wireshark), which can be downloaded from here.