Re: Oracle 10g security. Using certificates?

Vladimir M. Zakharychev wrote:
> nkunkov_at_escholar.com wrote:
> > Hello,
> > I have an assignment that i don't know where to begin. Hope you can
> > give me some direction.
> > I'm running Oracle 10g. I'm using DBMS_CRYPTO.ENCRYPT to do some
> > encryption in my own function. My encryption key is stored (hardcoded)
> > within my function. My client doesn't like it for obvious reasons and
> > asked me if this key could be stored in a "certificate database"
> > whatever this term means. I think I need to have a security certificate
> > which will give me access to my key. I don't know if Oracle has this
> > kind of capability and I'm not sure where to look to learn about it.
> > If you can give me some help here I'd greatly appreciate it.
> > Thank you.
> > NK
>
> If you run 10g Release 2 (10.2,) you will find that it supports
> transparent data encryption and stores the key out of line
> in a wallet. So search the docs for TDA and google this
> group for some discussions about it.
>
> Other than that, I don't think that Oracle has any PKI API
> exposed to PL/SQL developers for immediate use. You can
> try Java for this. You can also store your keys outside the
> database and read them using BFILEs or UTL_FILE,
> and optionally encrypt that storage with some fixed, but
> not explicitly hard-coded key (for example, one derived from
> some immutable constants.)
>
> Brian Peasland also has a couple of white papers on
> key security in Oracle at http://www.peasland.net, which
> you may find helpful.
>
> Hth,
> Vladimir M. Zakharychev
> N-Networks, makers of Dynamic PSP(tm)
> http://www.dynamicpsp.com

Vladimir,
Thank you very much. This was actually very helpful. Appreciate it.
NK Received on Wed Jun 28 2006 - 12:21:13 CDT