
EF Core and encrypting Oracle db traffic

Posted: Wed 17 Oct 2018 21:25
by Eric_08
I have a requirement where I need to encrypt database traffic between our application and Oracle 12.1 database. Our application is on .NET Core 2.1 with EF Core 2.1 and Linux RHEL7, so direct mode is used in DevArt component. How do I use DevArt component for EF Core 2.1 to encrypt database traffic? I understand there is a DirectUtils class, but how do I use it with EF Core? Any example on how to use it would be greatly appreciated.

Thank you

Re: EF Core and encrypting Oracle db traffic

Posted: Thu 18 Oct 2018 19:22
by Shalex
Please refer to https://www.devart.com/dotconnect/oracl ... tmode.html > the Oracle Advanced Security Support in Direct Mode section.

Sample

Code: Select all

C:\oracle\product\12.1.0\dbhome_1\NETWORK\ADMIN\sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES= (NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
SQLNET.ENCRYPTION_SERVER= REQUIRED

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
SQLNET.CRYPTO_CHECKSUM_SERVER= REQUIRED

Code: Select all

// Static settings: they apply to every Direct-mode connection in the application.
DirectUtils.EncryptionLevel = DirectUtils.SecurityLevel.Required;
DirectUtils.DataIntegrityLevel = DirectUtils.SecurityLevel.Required;

using (var conn = new OracleConnection())
{
    // Sample connection string; direct=true selects Direct mode.
    conn.ConnectionString = "direct=true;server=192.168.0.169;sid=orcl;uid=c##scott;pwd=tiger;";
    conn.Open();
    var cmd = conn.CreateCommand();
    cmd.CommandText = "select 1 + 1 from dual";
    Console.WriteLine(cmd.ExecuteScalar());
}
Console.ReadKey();

Re: EF Core and encrypting Oracle db traffic

Posted: Thu 18 Oct 2018 19:45
by Eric_08
Yes, I read that topic, but I'm somewhat confused here. I'm using EF Core and .NET Core, so I'm initializing DbContext via the optionsBuilder.UseOracle() extension method. How do I use DirectUtils in this case? Do I use

Code: Select all

DirectUtils.EncryptionLevel = DirectUtils.SecurityLevel.Required;
DirectUtils.DataIntegrityLevel = DirectUtils.SecurityLevel.Required;

before optionsBuilder.UseOracle()? I want to do it for just one Oracle database connection, but it appears DirectUtils is static and not per connection.

Re: EF Core and encrypting Oracle db traffic

Posted: Tue 23 Oct 2018 09:41
by Shalex
There is no way to set an encryption per connection. You can use static DirectUtils for the whole application only.

Re: EF Core and encrypting Oracle db traffic

Posted: Tue 23 Oct 2018 14:04
by Eric_08
This seems to be a design flaw. Do you have plans to modify code and make it work per connection?

Re: EF Core and encrypting Oracle db traffic

Posted: Fri 26 Oct 2018 18:23
by Shalex

Re: EF Core and encrypting Oracle db traffic

Posted: Tue 13 Nov 2018 13:46
by Eric_08
Do you support TLS encryption in Direct mode? I'm getting 'ORA-03113: end-of-file on communication channel' error when I try to use code that uses encryption. I found the following conversation (viewtopic.php?t=34362) on your site from two years ago where someone was trying to use TLS encryption and was getting the same error. At that time, you mentioned that DevArt does not support encryption in direct mode. Has that been fixed yet? Do you support TLS encryption in direct mode with the latest version?

Re: EF Core and encrypting Oracle db traffic

Posted: Mon 19 Nov 2018 14:22
by Eric_08
I need to know if DevArt supports Oracle TLS encryption in DirectMode. I need to know the answer rather quickly. Please respond with the answer. If DevArt does support TLS encryption for Oracle in Direct Mode, please tell me how can I get past 'ORA-03113: end-of-file on communication channel' error.

Re: EF Core and encrypting Oracle db traffic

Posted: Mon 19 Nov 2018 16:04
by Pinturiccio
dotConnect for Oracle does not support SSL and TLS in the Direct mode. The Data Encryption and Data Integrity features are supported in the Direct mode starting from 9.1.131. Since this version, you can use a secure connection to Oracle database in the Direct mode, but it is not SSL/TLS. For more information, please see https://www.devart.com/dotconnect/oracl ... tMode.html , the section "Oracle Advanced Security Support in Direct Mode".

Eric_08 wrote: please tell me how can I get past 'ORA-03113: end-of-file on communication channel' error.

Please describe the error you got. Please also describe the steps for reproducing the issue.

Re: EF Core and encrypting Oracle db traffic

Posted: Mon 19 Nov 2018 16:58
by Eric_08
Basically, I need to know if DevArt driver in direct mode for Oracle and EF Core/.NET Core supports specifying port TCPS with port 2484. On Oracle database server, the SSL certificate will be added to Oracle wallet and then somehow I need to connect to the Oracle database server using DevArt over port 2484 with TCPS. Is that supported by DevArt in direct mode? Is that the same thing as DirectUtils.SecurityLevel?

Re: EF Core and encrypting Oracle db traffic

Posted: Tue 20 Nov 2018 15:55
by Pinturiccio
dotConnect for Oracle does not support SSL in the Direct mode. Oracle's Data Encryption and SSL are different kinds of encryption.
If you set up an Oracle server with SSL certificates, then dotConnect for Oracle won't work with your server in the Direct mode. For more information, please refer to https://docs.oracle.com/database/121/DB ... m#DBSEG020

Re: EF Core and encrypting Oracle db traffic

Posted: Tue 20 Nov 2018 17:00
by Eric_08
Got it. Thanks!

Re: EF Core and encrypting Oracle db traffic

Posted: Tue 20 Nov 2018 19:59
by Eric_08
So I turned on Oracle Native Encryption and Data Integrity option on the Oracle DB server (v12.1). This is what SQLNET.ora on the server looks like:

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA256)
SQLNET.AUTHENTICATION_SERVICES= (NONE)
SQLNET.ENCRYPTION_SERVER = required
SQLNET.CRYPTO_SEED = 'xxxxxxxxxxx'
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
ADR_BASE = D:\xxxxxxxx\dbhome_1\log
SQLNET.CRYPTO_CHECKSUM_SERVER = required

I then set DirectUtils.SecurityLevel to required by doing this:

Code: Select all

DirectUtils.EncryptionLevel = DirectUtils.SecurityLevel.Required;
DirectUtils.DataIntegrityLevel = DirectUtils.SecurityLevel.Required;

After doing that, I can't connect to the database server from my application. I'm now getting this error:

Code: Select all

Devart.Data.Oracle.OracleException (0x80004005): ORA-12650: No common encryption or data integrity algorithm

I'm running my application on .NET Core 2.1 with EF Core 2.1.4 and DevArt EF Core 9.6.621.

Please help!

Re: EF Core and encrypting Oracle db traffic

Posted: Wed 21 Nov 2018 15:11
by Eric_08
I think I figured out what's happening. I was using SHA256 for integrity method, but looks like it's not supported by DevArt. When I switched to SHA1 for integrity method, it started working. SHA1 is a weaker algorithm though. When are you going to support SHA256/SHA384/SHA512 for integrity method? I need something higher than SHA1.

I'm using the latest DevArt Oracle/EF core component running on Linux in direct mode.

Re: EF Core and encrypting Oracle db traffic

Posted: Thu 22 Nov 2018 15:45
by Shalex
Eric_08 wrote: Wed 21 Nov 2018 15:11 I think I figured out what's happening. I was using SHA256 for integrity method, but looks like it's not supported by DevArt.

That is correct: current implementation of .NET Standard Devart.* assemblies doesn't include support for SHA256.

Eric_08 wrote: Wed 21 Nov 2018 15:11 When are you going to support SHA256/SHA384/SHA512 for integrity method? I need something higher than SHA1.

The investigation is in progress. We will notify you about the result.
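
Added example, not part of the thread and not Devart code: a small audit of a server sqlnet.ora that predicts the ORA-12650 mismatch discussed above and flags weak algorithms. The client algorithm sets are an assumption based only on what this thread reports as working, and the function names and sample inputs are constructed for illustration.

```python
import re

# Assumption taken from this thread only: algorithms the Direct-mode client was
# seen to negotiate (AES256 with SHA1 worked; RC4_256 with MD5 is the sample).
CLIENT_ENC = {"AES256", "RC4_256"}
CLIENT_SUM = {"SHA1", "MD5"}
# Flagged as weak or deprecated by this example.
WEAK = {"RC4_40", "RC4_56", "RC4_128", "RC4_256", "DES", "DES40",
        "3DES112", "3DES168", "MD5", "SHA1"}

CHECKS = (
    ("encryption", "SQLNET.ENCRYPTION_SERVER",
     "SQLNET.ENCRYPTION_TYPES_SERVER", CLIENT_ENC),
    ("integrity", "SQLNET.CRYPTO_CHECKSUM_SERVER",
     "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER", CLIENT_SUM),
)

def parse_sqlnet(text):
    """Return {PARAMETER: [values]} from sqlnet.ora text, upper-cased."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"([\w.]+)\s*=\s*(.*)", line.split("#", 1)[0].strip())
        if m:
            values = re.findall(r"[^\s(),']+", m.group(2))
            params[m.group(1).upper()] = [v.upper() for v in values]
    return params

def audit(text):
    """List findings for a server sqlnet.ora, assuming the client side is
    set to Required for both encryption and integrity, as in the thread."""
    params, findings = parse_sqlnet(text), []
    for label, level_key, types_key, client in CHECKS:
        level = (params.get(level_key) or ["ACCEPTED"])[0]  # Oracle default
        offered = params.get(types_key, [])
        if level != "REQUIRED":
            findings.append(f"{label}: server level {level}, not enforced")
        if offered and not client & set(offered):
            findings.append(f"{label}: no common algorithm, expect ORA-12650")
        findings += [f"{label}: weak algorithm {a}" for a in offered if a in WEAK]
    return findings

# Constructed inputs modelled on the server settings quoted in the thread.
SHA256_SERVER = """SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA256)"""
SHA1_SERVER = SHA256_SERVER.replace("SHA256", "SHA1")

if __name__ == "__main__":
    for name, cfg in (("SHA256", SHA256_SERVER), ("SHA1", SHA1_SERVER)):
        print(name, audit(cfg))
```

Update the two client sets when the driver's supported algorithm list changes; the audit does not handle parameters continued across several lines.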