What is WRAP and UNWRAP?

WRAP

According to documentation :

  

The WRAP operation supports encryption of a symmetric key using a key   encryption key that has previously been stored in an Azure Key Vault.

     

The WRAP operation is only strictly necessary for symmetric keys   stored in Azure Key Vault since protection with an asymmetric key can   be performed using the public portion of the key. This operation is   supported for asymmetric keys as a convenience for callers that have a   key-reference but do not have access to the public key material.

That is, it supports encryption of a symmetric key using an encryption key that was previously stored in an Azure Key Vault . It is strictly required only for symmetric keys stored in the Azure Key Vault , since protection with an asymmetric key can be performed using the public part of the key. This operation is supported for asymmetric keys as a convenience for callers who have a key reference but do not have access to public key material.

The Wrapper routine is meant to encrypt the source code in such a way that only Oracle can read and compile the generated text. Some of its features are:

• Converts the PL / SQL source code into an intermediate form of "object code."

• "Object code" generated is portable as if it were the source itself.

• The PL / SQL compiler recognizes and loads the Wrapper-generated code automatically.

This routine prevents the source code from being manipulated by other developers, moreover, because it is a portable code version, it is platform independent. References to% external% variables are resolved at load time, and normal Bind processes accept files generated by the Import/Export routine. Making these the main advantages of Wrapper.

However, it can not work with the PL / SQL block completely, encompassing all language functions, with only a few specific commands:

• Rappel
• Create Procedure
• Create Functions
• Create Package

WRAP code line:

wrap iname=ra_ex.sql oname=ra_ex_s.plb

UNWRAP

According to documentation :

  The UNWRAP operation supports decryption of a symmetric key using the   target key encryption key. This operation is the reverse of the WRAP   operation.

     The UNWRAP operation applies to asymmetric and symmetric stored keys   in Azure Key Vault since it uses the private portion of the key

This operation supports the decryption of a symmetric key using the target key encryption key. It is the inverse of the WRAP operation. The UNWRAP operation applies to asymmetric and symmetric keys stored in the Azure Key Vault , as it uses the private part of the key.

The example is taken from the book Introducing Database Systems, by C. J. Date. Consider the tuples:

  

T1:

TUPLE {
      NOME NOME, ENDE TUPLE{
                  RUA CHAR, CIDADE CHAR,
                    ESTADO CHAR, CEP CHAR}
    }

     

T2:

TUPLE {NOME NOME, RUA CHAR, CIDADE CHAR,
ESTADO CHAR, CEP CHAR}

     

The type Create Package body includes an attribute that, by itself, is of some type of   tuple Now consider T1 and NENDE1 as tuple variables of   types NENDE2 and T1 .

     

The expression:

NENDE2 WRAP{RUA, CIDADE, ESTADO, CEP} AS ENDE

     

Get the current value of T2 and package (wrap) the NENDE2 components,    RUA , CIDADE and ESTADO of this value to generate a single component    CEP with the tuple value. The result of the expression is then of the type    ENDE , and therefore the following assignment is valid:

NENDE1 := NENDE2 WRAP {RUA, CIDADE, ESTADO, CEP} AS ENDE;

     

The expression:

NENDE1 UNWRAP ENDE

     

Get the current value of T1 and unwrap the components    NENDE1 (with tuple value) of this value to generate four components   separated ENDE , RUA , CIDADE and ESTADO . Soon the result of the   expression is of type CEP and therefore the following assignment is valid:

NENDE2 := NENDE1 UNWRAP ENDE;

References:

• PL / SQL Wrapper
• PL / SQL User's Guide and Reference
• Wrapper
• Book: Introduction to Database Systems - C.J. Date