How to implement SHA3 in an Oracle Database

Hello everybody,

Recently I had the challenge to implement SHA3-Hashing in an Oracle database. Unfortunately, Oracle does not natively support SHA3 (only SHA1 and SHA2 from Oracle 12c onwards). Therefore, I used some java libraries to be able to calculate a SHA3-512-hash directly in SQL or PL/SQL. So, how’s it done?

  1. Download the jars from (I used bcprov-ext-jdk15on-164.jar and bcprov-jdk15on-164.jar, but more recent versions, if there are any, should be fine as well).
  2. Load the files into the database using loadjava:
loadjava -u username/password@database -o -r -v  bcprov-jdk15on-164.jar  loadjava -u username/password@database -o -r -v   bcprov-ext-jdk15on-164.jar

3. Create the Java Source:

create or replace and compile java source named at_mi_crypto as
package at.mi.crypto;

import org.bouncycastle.jcajce.provider.digest.SHA3;
import org.bouncycastle.util.encoders.Hex;

public class Crypto {

  public static String getHashSHA3_512(String iHashText) {
      SHA3.DigestSHA3 sha3512Digest = new SHA3.DigestSHA3(512);
      return Hex.toHexString(sha3512Digest.digest());


4. Create the PL/SQL-Function calling the Java Source:

   (i_text	IN 	VARCHAR2
   IS LANGUAGE JAVA NAME 'at.mi.crypto.Crypto.getHashSHA3_512(java.lang.String) return java.lang.String'

5. You should be good to go:

select js_getHashSHA3_512('This is a 1. Test Text') from dual;


Well, of course BouncyCastle supports also other algorithms that are not natively supported by Oracle, so this can come in very handy.

Hope, this might help some people facing the same challenge!

Best wishes

Author: markus

2 thoughts on “How to implement SHA3 in an Oracle Database

  1. Hello
    It’s very good document.
    I need one clarification.
    In which user I need to load (loadjava) the java files.
    Is it sys or any other user ?

    S Sukumar

    1. Hi, thanks. Basically, every user with the grants to create procedures and tables should be able to load the java files (+ the java grant for “”, please also refer to, especially the -grant option). So, sys should in my opinion be ok, but it could be any user with these grants. Best wishes, Markus

Leave a Reply

Your email address will not be published. Required fields are marked *

Please help avoiding spam: * Time limit is exhausted. Please reload CAPTCHA.