Encryption - Question about the key

From: Jamadagni, Rajendra <Rajendra.Jamadagni_at_espn.com>
Date: Tue, 18 Dec 2001 08:39:15 -0800
Message-ID: <F001.003DEF0E.20011218081018@fatcity.com>

Hi all,

I am investigating using dbms_obfuscation_toolkit in my application. Now, I need a key to encrypt and decrypt the key. The question is how to protect the key? The data will be accessed from Forms application, reports, SQR reports, SQLPLUS scripts.

I need to find a mechanism to
* hide the key from developers (or non authorized persons))

• preferable fetch the key from database
• make this fetching and storing key as non-intrusive as possible.

What are my options? A column on application users table that is not accessible? Hard coding the key is out of question. Also I need to separate keys for production and development servers.

As I am clueless, any ideas are most welcome.

Happy Holidays
Raj

---

Rajendra Jamadagni MIS, ESPN Inc. Rajendra dot Jamadagni at ESPN dot com
Any opinion expressed here is personal and doesn't reflect that of ESPN Inc.

QOTD: Any clod can have facts, but having an opinion is an art!

*********************************************************************2

This e-mail message is confidential, intended only for the named recipient(s) above and may contain information that is privileged, attorney work product or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify corporate MIS at (860) 766-2000 and delete this e-mail message from your computer, Thank you.

*********************************************************************2

Received on Tue Dec 18 2001 - 10:39:15 CST