Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: best practices for encryption key managment??

Re: best practices for encryption key managment??

From: Sai Selvaganesan <ssaisundar_at_sbcglobal.net>
Date: Wed, 26 May 2004 18:00:54 -0700 (PDT)
Message-ID: <20040527010054.14605.qmail@web80403.mail.yahoo.com> 





larry
 


addendum:
 


also u can take a look at tom kyte's implementation of encryption key in his book "effective oracle design". a very nice way of not storing the key for encryption directly in the database and using a "wrapped" PL/SQL code to get the real key. he discusses a couple of other methods like storing in files etc too.
 


sai


Jared.Still_at_radisys.com wrote:


Larry,


And now you have discovered the crux of the problem with encryption.



Encypting data is relatively easy, managing it doesn't seem to be.



There was an article in recent issue of SELECT ( www.selectonline.org ) 
where the 


author stored the key with the card number. Each card number had it's own 
key. 



The purpose was to minimize the impact of someone getting hold of a key.



HTH


Jared





oracle-l-bounce_at_freelists.org wrote on 05/26/2004 10:07:14 AM:



> We are using the dbms_obfuscation toolkit to encrypt sensitive data per

> VISA's requirements. 

> Has anyone gone through the VISA audit before? They are not clear on 

their


> expectations for encryption...

> 

> I've found next to no info on key management - our plan is store the key 

in


> the database and also in pvcs with access limited to the dba team.

> 

> Any advice or experience to share would be appreciated...

> 

> Thanks,

> 

> Larry

> Larry Lane

> Senior Database Administrator

> EchoStar Satellite L.L.C

> 9601 South Meridian Blvd

> Englewood, CO 80112

> 

> email: lawrence.lane_at_echostar.com

> 







Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to: oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.

--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Wed May 26 2004 - 19:57:56 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US