
Re: Oracle 10g security. Using certificates?

From: Vladimir M. Zakharychev <vladimir.zakharychev_at_gmail.com>
Date: 28 Jun 2006 10:12:46 -0700
Message-ID: <1151514766.390509.193510@j72g2000cwa.googlegroups.com>

nkunkov_at_escholar.com wrote:
> Hello,
> I have an assignment that I don't know where to begin. Hope you can
> give me some direction.
> I'm running Oracle 10g. I'm using DBMS_CRYPTO.ENCRYPT to do some
> encryption in my own function. My encryption key is stored (hardcoded)
> within my function. My client doesn't like it for obvious reasons and
> asked me if this key could be stored in a "certificate database"
> whatever this term means. I think I need to have a security certificate
> which will give me access to my key. I don't know if Oracle has this
> kind of capability and I'm not sure where to look to learn about it.
> If you can give me some help here I'd greatly appreciate it.
> Thank you.
> NK

If you run 10g Release 2 (10.2), you will find that it supports transparent data encryption and stores the key out of line in a wallet. So search the docs for TDA and google this group for some discussions about it.

Other than that, I don't think that Oracle has any PKI API exposed to PL/SQL developers for immediate use. You can try Java for this. You can also store your keys outside the database and read them using BFILEs or UTL_FILE, and optionally encrypt that storage with some fixed, but not explicitly hard-coded key (for example, one derived from some immutable constants).

Brian Peasland also has a couple of white papers on key security in Oracle at http://www.peasland.net, which you may find helpful.

Hth,

    Vladimir M. Zakharychev
    N-Networks, makers of Dynamic PSP(tm)     http://www.dynamicpsp.com

Received on Wed Jun 28 2006 - 12:12:46 CDT
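
An added example, not part of the original post and not its author's code, of the UTL_FILE option the reply mentions: the AES key is read from a file behind a directory object instead of being hard-coded in the function. The directory object KEY_DIR, the file name app_aes256.key, the grantee app_owner and the function name are hypothetical, and the path is a placeholder.

```sql
-- Added example. KEY_DIR, app_aes256.key, app_owner and
-- encrypt_with_file_key are hypothetical names.
-- One-time setup by a DBA (path is a placeholder):
--   CREATE DIRECTORY key_dir AS '/path/to/keys';
--   GRANT READ ON DIRECTORY key_dir TO app_owner;
-- The owning schema also needs EXECUTE on DBMS_CRYPTO.
CREATE OR REPLACE FUNCTION encrypt_with_file_key (p_plain IN VARCHAR2)
  RETURN RAW
IS
  c_key_len CONSTANT PLS_INTEGER := 32;  -- AES-256 key size in bytes
  c_typ     CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                                  + DBMS_CRYPTO.CHAIN_CBC
                                  + DBMS_CRYPTO.PAD_PKCS5;
  l_file UTL_FILE.FILE_TYPE;
  l_key  RAW(64);
  l_iv   RAW(16);
BEGIN
  -- Read the key as raw bytes; ask for more than 32 so an oversized
  -- file is detected by the length check instead of silently truncated.
  l_file := UTL_FILE.FOPEN('KEY_DIR', 'app_aes256.key', 'rb', 64);
  UTL_FILE.GET_RAW(l_file, l_key, 64);
  UTL_FILE.FCLOSE(l_file);

  IF l_key IS NULL OR UTL_RAW.LENGTH(l_key) <> c_key_len THEN
    RAISE_APPLICATION_ERROR(-20001, 'key file must hold exactly 32 bytes');
  END IF;

  -- Fresh random IV per call, prepended to the ciphertext for decryption.
  l_iv := DBMS_CRYPTO.RANDOMBYTES(16);
  RETURN UTL_RAW.CONCAT(
           l_iv,
           DBMS_CRYPTO.ENCRYPT(
             UTL_I18N.STRING_TO_RAW(p_plain, 'AL32UTF8'),
             c_typ, l_key, l_iv));
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    -- Empty key file. Re-raise as an application error: a bare
    -- NO_DATA_FOUND from a function called in SQL would yield NULL.
    IF UTL_FILE.IS_OPEN(l_file) THEN UTL_FILE.FCLOSE(l_file); END IF;
    RAISE_APPLICATION_ERROR(-20002, 'key file is empty');
  WHEN OTHERS THEN
    IF UTL_FILE.IS_OPEN(l_file) THEN UTL_FILE.FCLOSE(l_file); END IF;
    RAISE;
END encrypt_with_file_key;
/
```

This keeps the key out of the function source and out of database exports, but anyone who can read the file as the Oracle OS account, or who holds READ on the directory object, can still obtain it, so restrict both.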
