Vladimir M. Zakharychev wrote:
> nkunkov_at_escholar.com wrote:
> > Vladimir M. Zakharychev wrote:
> > > nkunkov_at_escholar.com wrote:
> > > > Vladimir M. Zakharychev wrote:
> > > > > nkunkov_at_escholar.com wrote:
> > > > > > Hello,
> > > > > > I have an assignment that i don't know where to begin. Hope you can
> > > > > > give me some direction.
> > > > > > I'm running Oracle 10g. I'm using DBMS_CRYPTO.ENCRYPT to do some
> > > > > > encryption in my own function. My encryption key is stored (hardcoded)
> > > > > > within my function. My client doesn't like it for obvious reasons and
> > > > > > asked me if this key could be stored in a "certificate database"
> > > > > > whatever this term means. I think I need to have a security certificate
> > > > > > which will give me access to my key. I don't know if Oracle has this
> > > > > > kind of capability and I'm not sure where to look to learn about it.
> > > > > > If you can give me some help here I'd greatly appreciate it.
> > > > > > Thank you.
> > > > > > NK
> > > > >
> > > > > If you run 10g Release 2 (10.2,) you will find that it supports
> > > > > transparent data encryption and stores the key out of line
> > > > > in a wallet. So search the docs for TDA and google this
> > > > > group for some discussions about it.
> > > > >
> > > > > Other than that, I don't think that Oracle has any PKI API
> > > > > exposed to PL/SQL developers for immediate use. You can
> > > > > try Java for this. You can also store your keys outside the
> > > > > database and read them using BFILEs or UTL_FILE,
> > > > > and optionally encrypt that storage with some fixed, but
> > > > > not explicitly hard-coded key (for example, one derived from
> > > > > some immutable constants.)
> > > > >
> > > > > Brian Peasland also has a couple of white papers on
> > > > > key security in Oracle at http://www.peasland.net, which
> > > > > you may find helpful.
> > > > >
> > > > > Hth,
> > > > > Vladimir M. Zakharychev
> > > > > N-Networks, makers of Dynamic PSP(tm)
> > > > > http://www.dynamicpsp.com
> > > >
> > > >
> > > > Vladimir,
> > > > Thank you very much. This was actually very helpful.
> > > > Appreciate it.
> > > > NK
> > >
> > > Just re-read my post and figured I used a wrong acronym
> > > for transparent data encryption. TDE is the right one. :)
> > > Sorry for possible confusion.
> > >
> > > Regards,
> > > Vladimir M. Zakharychev
> > > N-Networks, makers of Dynamic PSP(tm)
> > > http://www.dynamicpsp.com
> >
> > Vladimir,
> > Thanks again. No you didn't confuse me, I figured out the acronym :)
> > I wanted to ask you a few things though.
> > 1. For TDE, I assume that I won't be able to use the DBMS_CRYPTO
> > package anymore? Is that right? Also, I'm looking not to encrypt the
> > fields of the table itself, but encrypt the contents of the
> > materialized views without doing anything with the actual tables. Will
> > TDE work for me or I need to use something else?
> > 2. Do you think code obfuscation could be of help? Should I
> > have an abfuscated function that will return the key? But then the
> > function output will still be readable, right? (I never used
> > obfuscation before, that's why the questions are basic...)
> > 3. If I wanted to store the key in a file, what should I use to
> > encrypt it? Same DBMS_CRYPTO? And when you are saying derive the key
> > from an immutable constant, that constant should also be stored
> > somewhere or known by the users, right? I'm giving this to the third
> > party, it's not an in house product...
> > Thanks for your help.
> > I greatly appreciate your answers.
> > NK
>
> 1. Correct, DBMS_CRYPTO doesn't have anything to do with TDE.
> As of MV column encryption - you can create MVs using prebuilt
> tables, which you can create with TDE. However, I see little point
> encrypting the snapshots but not encrypting their base tables. If
> it's done to secure replication channel then there's Advanced
> Security Option or good old SSH tunneling that can take care
> of that. If it's something else, I'd like to hear it. :)
>
> 2. Code obfuscation using wrap utility will definitely help, as it
> is said to be irreversible (which doesn't sound true to me, by
> the way, but at least no publicly available tools can deobfuscate
> wrapped PL/SQL code.) If an attacker has hard time seeing and
> analyzing the source code, she will undoubtly have complications
> figuring out how the key is generated, and without the key
> she can't get to the data.
>
> 3. Yes, you can use DBMS_CRYPTO, or you can write
> some Java code to do it. The constant should not be known
> to the users, quite the contrary: it should always be available,
> and it should be immutable, but it should not be obvious that it
> is being used for encryption key generation. You could use
> something like database name (which usually doesn't change
> for the life of the database,) database time zone (which should
> be set once and for all, too,) some universal constant like
> exponent or Pi expressed as a string and hashed with sha-1
> or md5, etc. It's pretty much the same as hard-coded key, but
> it's not as easily interceptable or guessable by an attacker. Also,
> there shouldn't be any way for the users to query for the key, its
> usage should be encapsulated into a package and all encoding
> and decoding should be performed in that package only.
>
> Regards,
> Vladimir M. Zakharychev
> N-Networks, makers of Dynamic PSP(tm)
> http://www.dynamicpsp.com
Thank you Vladimir, very much for such an extensive answer.
I'll be researching my options now...
Again, your help is much appreciated.
NK
Received on Thu Jun 29 2006 - 12:05:54 CDT
