Re: Oracle 10g security. Using certificates?
nkunkov_at_escholar.com wrote:
> Vladimir M. Zakharychev wrote:
> > nkunkov_at_escholar.com wrote:
> > > Vladimir M. Zakharychev wrote:
> > > > nkunkov_at_escholar.com wrote:
> > > > > Hello,
> > > > > I have an assignment that I don't know where to begin. Hope you can
> > > > > give me some direction.
> > > > > I'm running Oracle 10g. I'm using DBMS_CRYPTO.ENCRYPT to do some
> > > > > encryption in my own function. My encryption key is stored (hardcoded)
> > > > > within my function. My client doesn't like it for obvious reasons and
> > > > > asked me if this key could be stored in a "certificate database"
> > > > > whatever this term means. I think I need to have a security certificate
> > > > > which will give me access to my key. I don't know if Oracle has this
> > > > > kind of capability and I'm not sure where to look to learn about it.
> > > > > If you can give me some help here I'd greatly appreciate it.
> > > > > Thank you.
> > > > > NK
> > > >
> > > > If you run 10g Release 2 (10.2), you will find that it supports
> > > > transparent data encryption and stores the key out of line
> > > > in a wallet. So search the docs for TDA and google this
> > > > group for some discussions about it.
> > > >
> > > > Other than that, I don't think that Oracle has any PKI API
> > > > exposed to PL/SQL developers for immediate use. You can
> > > > try Java for this. You can also store your keys outside the
> > > > database and read them using BFILEs or UTL_FILE,
> > > > and optionally encrypt that storage with some fixed, but
> > > > not explicitly hard-coded key (for example, one derived from
> > > > some immutable constants).
> > > >
> > > > Brian Peasland also has a couple of white papers on
> > > > key security in Oracle at http://www.peasland.net, which
> > > > you may find helpful.
> > > >
> > > > Hth,
> > > > Vladimir M. Zakharychev
> > > > N-Networks, makers of Dynamic PSP(tm)
> > > > http://www.dynamicpsp.com
> > >
> > >
> > > Vladimir,
> > > Thank you very much. This was actually very helpful.
> > > Appreciate it.
> > > NK
> >
> > Just re-read my post and figured I used a wrong acronym
> > for transparent data encryption. TDE is the right one. :)
> > Sorry for possible confusion.
> >
> > Regards,
> > Vladimir M. Zakharychev
> > N-Networks, makers of Dynamic PSP(tm)
> > http://www.dynamicpsp.com
>
Regards,
Vladimir M. Zakharychev
N-Networks, makers of Dynamic PSP(tm)
http://www.dynamicpsp.com
Received on Thu Jun 29 2006 - 11:17:03 CDT