OCI - API Mappings B-3
OCI - API Mapping Exceptions
B-4 Oracle Cryptographic Toolkit Programmer's Guide
See Application Programming Interface.
Application Programming Interface
A set of functions that allow applications written in C or C++ to communicate with
an operating system and issue SQL statements to one or more Oracle servers.
A document that uses the signature of a trusted party to attest to the validity of its
Ciphertext
The result of encrypting data into an apparently random and meaningless format.
Ciphertext must be decrypted to be converted into a readable format.
Decrypt
To restore an encrypted message to its original form, so the original message is
Digital Signature
A cryptographic checksum of data encrypted using an entity's private key. The
result authenticates the signature as having been generated by an entity, and it
protects the data from tampering, since the signature can be verified.
A digital signature is an example of a message. If the message is a PKCS#7
message, the message is considered to be in PKCS format.
The transformation of data into an apparently random and meaningless format
(called ciphertext). The ciphertext is unreadable by anyone without the correct
Entity
A person (physical, imaginary, or otherwise) or a process.
A pointer to a storage area allocated by the API library.
Identity
The binding of a public key and other information to an entity. It is possible to have
more than one identity bound to an entity. Every identity has a type. Some better
known identity types are X.509 certificates and PGP certificates.
A message-digest hashing algorithm that compresses a message of arbitrary
length into a 128-bit digest.
Message Format
The message format describes the layout and the contents of a message such as a
See Oracle Call Interface.
Oracle Call Interface
An application programming interface that allows applications written in C to
interact with one or more Oracle servers. See Programmer's Guide to the Oracle Call
Interface.
Persona
An instance of your electronic personality. Each instance contains one or more
elements such as an identity, the private key associated with the identity, and other
cipher keys. An entity may have more than one persona. A persona implies a set of
actions that can be used and a set of message formats that can be generated.
PL/SQL
PL/SQL is Oracle Corporation's procedural language extension to Structured
Query Language (SQL).
An encryption algorithm.
Repository IO
An abstraction from the various repositories (e.g., file, database, hardware) used by
the wallet interface.
See Repository IO.
Data is signed using a persona from a wallet. The result may be formatted in a
number of ways and may contain only the digital signature. The signed data may
also contain the original data, possibly encrypted, along with information about the
identity used for the signature.
See Structured Query Language.
Structured Query Language
A language used to query and manipulate databases.
See Toolkit Data Unit.
Toolkit Data Unit
An encoding of possibly formatted and/or cryptographically altered data that is
created by an application via the Oracle Security Server Toolkit. The toolkit data
unit is usually transferred to another application that uses the Oracle Security
Server Toolkit to decode the toolkit data unit back into data.
A toolkit data unit is the message granularity of the Oracle Security Server Toolkit,
and it is transport independent.
Trust Point
One or more identities that are considered trustworthy and can be used to validate
Verify
A formatted message that results from signing is verified using the identity that
signed the message. Verifying the signature does not mean that the data can be
trusted. The identity associated with the message should be validated using a trust-
Wallet
A facility that acts as a container for credentials (identities, personas, and trust
points). Each entity has one or more wallets, and each wallet, while logically
identical, may exist on a file system or on a hardware device. The wallet may be
A wallet may be shared (read only) across a network. In this case, the wallet should
only contain public information (i.e., identities and trust points).
Wallet Resource Locator
Specifies the wallet location.
See Wallet Resource Locator.