Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle 10g security. Using certificates?

Re: Oracle 10g security. Using certificates?

From: Vladimir M. Zakharychev <vladimir.zakharychev_at_gmail.com>
Date: 28 Jun 2006 21:42:39 -0700
Message-ID: <1151556159.573058.28350@b68g2000cwa.googlegroups.com>

nkunkov_at_escholar.com wrote:
> Vladimir M. Zakharychev wrote:
> > nkunkov_at_escholar.com wrote:
> > > Hello,
> > > I have an assignment that i don't know where to begin. Hope you can
> > > give me some direction.
> > > I'm running Oracle 10g. I'm using DBMS_CRYPTO.ENCRYPT to do some
> > > encryption in my own function. My encryption key is stored (hardcoded)
> > > within my function. My client doesn't like it for obvious reasons and
> > > asked me if this key could be stored in a "certificate database"
> > > whatever this term means. I think I need to have a security certificate
> > > which will give me access to my key. I don't know if Oracle has this
> > > kind of capability and I'm not sure where to look to learn about it.
> > > If you can give me some help here I'd greatly appreciate it.
> > > Thank you.
> > > NK
> >
> > If you run 10g Release 2 (10.2,) you will find that it supports
> > transparent data encryption and stores the key out of line
> > in a wallet. So search the docs for TDA and google this
> > group for some discussions about it.
> >
> > Other than that, I don't think that Oracle has any PKI API
> > exposed to PL/SQL developers for immediate use. You can
> > try Java for this. You can also store your keys outside the
> > database and read them using BFILEs or UTL_FILE,
> > and optionally encrypt that storage with some fixed, but
> > not explicitly hard-coded key (for example, one derived from
> > some immutable constants.)
> >
> > Brian Peasland also has a couple of white papers on
> > key security in Oracle at http://www.peasland.net, which
> > you may find helpful.
> >
> > Hth,
> > Vladimir M. Zakharychev
> > N-Networks, makers of Dynamic PSP(tm)
> > http://www.dynamicpsp.com
>
>
> Vladimir,
> Thank you very much. This was actually very helpful.
> Appreciate it.
> NK

Just re-read my post and figured I used a wrong acronym for transparent data encryption. TDE is the right one. :) Sorry for possible confusion.

Regards,

    Vladimir M. Zakharychev
    N-Networks, makers of Dynamic PSP(tm)     http://www.dynamicpsp.com Received on Wed Jun 28 2006 - 23:42:39 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US