Handling DBMS_CRYPTO_KEYS

From: Dave Morgan <oracle_at_1001111.com>
Date: Wed, 08 Oct 2014 09:43:27 -0600
Message-ID: <54355B9F.8010500_at_1001111.com>



Hi All,

I am retrofitting encryption to some sensitive data using the DBMS_CRYPTO package, and my final issue appears to be securely managing the encryption key. I am not worried about physical key value escrow.

The setup is that all data and objects are owned by a restricted-access DATA OWNER account. All data access is through other accounts with various levels of privilege.

The data owner account has the following package with the following private members:

	FUNCTION DECRYPT_TEXT (ENCRYPT_TEXT_IN VARCHAR2) RETURN VARCHAR2;
	FUNCTION ENCRYPT_TEXT (PLAIN_TEXT_IN VARCHAR2) RETURN VARCHAR2;
	PROCEDURE LOAD_KEY (KEY_IN VARCHAR2);

The functions are used inline in custom views and a pre-insert trigger. LOAD_KEY must be called before clients can access the data.

I can create a wrapped package with a single call to LOAD_KEY so the key is never in clear text and then call that on startup. However, if the data owner account is breached then the encryption is breached.

Would moving the decrypt function out of the data owner schema prevent meaningful access to the encrypted data by the owner schema?

Am I missing anything else?

TIA
Dave
--

Dave Morgan
Senior Consultant, 1001111 Alberta Limited dave.morgan_at_1001111.com
403 399 2442
--

http://www.freelists.org/webpage/oracle-l Received on Wed Oct 08 2014 - 17:43:27 CEST
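
An added sketch of the package layout described in the message above (not the poster's code, and not a reply from the thread): the names CRYPTO_PKG, G_KEY and C_ALG, the hex key format, AES-256 in CBC mode and the IV-prefixed hex storage are all assumptions. The key sits in a body-private variable, which Oracle scopes to the session, so LOAD_KEY has to run in every session that encrypts or decrypts.

```plsql
CREATE OR REPLACE PACKAGE crypto_pkg AS  -- hypothetical package name
  FUNCTION decrypt_text (encrypt_text_in VARCHAR2) RETURN VARCHAR2;
  FUNCTION encrypt_text (plain_text_in VARCHAR2) RETURN VARCHAR2;
  PROCEDURE load_key (key_in VARCHAR2);
END crypto_pkg;
/
CREATE OR REPLACE PACKAGE BODY crypto_pkg AS
  -- Declared in the body only, so no other PL/SQL unit or SQL statement can read it.
  -- Package state is per session: a key loaded in one session is not visible in another.
  g_key RAW(32);
  c_alg CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                              + DBMS_CRYPTO.CHAIN_CBC
                              + DBMS_CRYPTO.PAD_PKCS5;

  PROCEDURE load_key (key_in VARCHAR2) IS
  BEGIN
    -- Assumption: KEY_IN is 64 hex characters, i.e. a 256-bit key.
    IF key_in IS NULL OR LENGTH(key_in) != 64 THEN
      RAISE_APPLICATION_ERROR(-20001, 'key must be 64 hex characters');
    END IF;
    g_key := HEXTORAW(key_in);
  END load_key;

  FUNCTION encrypt_text (plain_text_in VARCHAR2) RETURN VARCHAR2 IS
    l_iv RAW(16);
  BEGIN
    IF g_key IS NULL THEN
      RAISE_APPLICATION_ERROR(-20002, 'key not loaded in this session');
    END IF;
    IF plain_text_in IS NULL THEN RETURN NULL; END IF;
    l_iv := DBMS_CRYPTO.RANDOMBYTES(16);  -- fresh IV for every value
    -- Stored form is hex(IV || ciphertext) so it fits a VARCHAR2 column.
    RETURN RAWTOHEX(UTL_RAW.CONCAT(l_iv,
      DBMS_CRYPTO.ENCRYPT(UTL_I18N.STRING_TO_RAW(plain_text_in, 'AL32UTF8'),
                          c_alg, g_key, l_iv)));
  END encrypt_text;

  FUNCTION decrypt_text (encrypt_text_in VARCHAR2) RETURN VARCHAR2 IS
    l_raw RAW(32767);
  BEGIN
    IF g_key IS NULL THEN
      RAISE_APPLICATION_ERROR(-20002, 'key not loaded in this session');
    END IF;
    IF encrypt_text_in IS NULL THEN RETURN NULL; END IF;
    l_raw := HEXTORAW(encrypt_text_in);
    -- First 16 bytes are the IV, the remainder is the ciphertext.
    RETURN UTL_I18N.RAW_TO_CHAR(
      DBMS_CRYPTO.DECRYPT(UTL_RAW.SUBSTR(l_raw, 17), c_alg, g_key,
                          UTL_RAW.SUBSTR(l_raw, 1, 16)), 'AL32UTF8');
  END decrypt_text;
END crypto_pkg;
/
```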
