Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Encryption key storage

Re: Encryption key storage

From: Vladimir M. Zakharychev <vladimir.zakharychev_at_gmail.com>
Date: 20 Jun 2006 10:24:36 -0700
Message-ID: <1150824276.508283.118400@b68g2000cwa.googlegroups.com>


G Quesnel wrote:
> The database is currently at Oracle 9.2.0.6 on Solaris.
> I have a few questions about my options to store encryption keys.
> We want to store the encryption keys in an LDAP directory, so that when
> we pass the full export of the database, it doesn't include the
> encryption keys. Our encrypt/decrypt package functions can read the
> keys from LDAP as required, but is there a way to retain/share the key
> values so we don't need to do an LDAP call for each individual session
> that wants to do an encrypt or decrypt.
> Could the key be stored in a static java variable, to be accessible by
> multiple sessions ?
> (or would its visibility be limited to that of a package variable -
> re-initialized for every session)
> Could the key be stored in a materialized view, to be accessible by
> multiple sessions ?
> In either case, would the key values be included in the dump of a full
> database export ?
>
> I am also wondering about the possibility of storing the wrapped
> encrypt/decrypt package under the SYS schema, so that it would not be
> included in a full export.
>
> Thanks for your thoughts.

You may want to try application contexts accessed globally, introduced in 9.2 if I'm not mistaken. They are described in detail in Application Developer's Guide - Fundamentals, with other bits of information dispersed through SQL Reference and Supplied PL/SQL Packages and Types Reference. Here's a short example of use:

SQL> select banner from v$version;

BANNER

Oracle9i Enterprise Edition Release 9.2.0.7.0 - Production
PL/SQL Release 9.2.0.7.0 - Production
CORE 9.2.0.7.0 Production
TNS for 32-bit Windows: Version 9.2.0.7.0 - Production
NLSRTL Version 9.2.0.7.0 - Production

SQL> conn / as sysdba
Connected.
SQL> grant create any context to scott;

Grant succeeded.

SQL> conn scott/tiger
Connected.

Context created.

Procedure created.

PL/SQL procedure successfully completed.

SYS_CONTEXT('MYCTX','KEY')


PL/SQL procedure successfully completed.

SQL> select sys_context('myctx','key') from dual;

SYS_CONTEXT('MYCTX','KEY')



12345

SYS_CONTEXT('MYCTX','KEY')


PL/SQL procedure successfully completed.

SYS_CONTEXT('MYCTX','KEY')



12345

Hth,

     Vladimir M. Zakharychev
     N-Networks, makers of Dynamic PSP(tm)
     http://www.dynamicpsp.com
Received on Tue Jun 20 2006 - 12:24:36 CDT
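
A globally accessed application context of the kind described in the reply above, written out as an added example (not code from the original post). The names key_ctx, key_ctx_pkg and APP_USER are hypothetical, and it assumes the documented behaviour that a global context value set with a username is visible only to sessions of that database user, while a NULL username makes it visible to every session.

```sql
-- Added example; key_ctx, key_ctx_pkg and APP_USER are hypothetical names.
-- The owner needs CREATE ANY CONTEXT, as granted in the post.

-- Only the package named in USING is allowed to write to the context.
CREATE OR REPLACE CONTEXT key_ctx USING key_ctx_pkg ACCESSED GLOBALLY;

CREATE OR REPLACE PACKAGE key_ctx_pkg AS
  PROCEDURE load_key(p_value IN VARCHAR2, p_reader IN VARCHAR2);
  FUNCTION  get_key RETURN VARCHAR2;
END key_ctx_pkg;
/

CREATE OR REPLACE PACKAGE BODY key_ctx_pkg AS
  PROCEDURE load_key(p_value IN VARCHAR2, p_reader IN VARCHAR2) IS
  BEGIN
    -- Refuse a NULL reader: that would expose the key to all sessions.
    IF p_reader IS NULL THEN
      RAISE_APPLICATION_ERROR(-20001, 'reader username is required');
    END IF;
    DBMS_SESSION.SET_CONTEXT(
      namespace => 'key_ctx',
      attribute => 'key',
      value     => p_value,
      username  => UPPER(p_reader),  -- assumed: limits visibility to this user
      client_id => NULL);
  END load_key;

  FUNCTION get_key RETURN VARCHAR2 IS
    v_key VARCHAR2(4000);
  BEGIN
    v_key := SYS_CONTEXT('key_ctx', 'key');
    -- Fail closed instead of encrypting with an empty key.
    IF v_key IS NULL THEN
      RAISE_APPLICATION_ERROR(-20002, 'key not loaded in key_ctx');
    END IF;
    RETURN v_key;
  END get_key;
END key_ctx_pkg;
/

-- Constructed sample value; in the poster's setup it would be read from LDAP.
EXEC key_ctx_pkg.load_key('12345', 'APP_USER')

-- Run from a different session to confirm the value is shared.
SELECT SYS_CONTEXT('key_ctx', 'key') FROM dual;
```

The value is held in instance memory rather than in a table, so it has to be loaded again after every instance restart.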
