Re: Encryption key storage
G Quesnel wrote:
> The database is currently at Oracle 9.2.0.6 on Solaris.
> I have a few questions about my options to store encryption keys.
> We want to store the encryption keys in an LDAP directory, so that when
> we pass the full export of the database, it doesn't include the
> encryption keys. Our encrypt/decrypt package functions can read the
> keys from LDAP as required, but is there a way to retain/share the key
> values so we don't need to do an LDAP call for each individual session
> that wants to do an encrypt or decrypt.
> Could the key be stored in a static java variable, to be accessible by
> multiple sessions?
> (or would its visibility be limited to that of a package variable -
> re-initialized for every session)
> Could the key be stored in a materialized view, to be accessible by
> multiple sessions?
> In either case, would the key values be included in the dump of a full
> database export ?
>
> I am also wondering about the possibility of storing the wrapped
> encrypt/decrypt package under the SYS schema, so that it would not be
> included in a full export.
>
> Thanks for your thoughts.
You may want to try application contexts accessed globally, introduced in 9.2 if I'm not mistaken. They are described in detail in Application Developer's Guide - Fundamentals, with other bits of information dispersed through SQL Reference and Supplied PL/SQL Packages and Types Reference. Here's a short example of use:
SQL> select banner from v$version;
BANNER
SQL> conn / as sysdba
Connected.
SQL> grant create any context to scott;
Grant succeeded.
SQL> conn scott/tiger
Connected.
Context created.
Procedure created.
PL/SQL procedure successfully completed.
SYS_CONTEXT('MYCTX','KEY')
PL/SQL procedure successfully completed.
SQL> select sys_context('myctx','key') from dual;
SYS_CONTEXT('MYCTX','KEY')
SYS_CONTEXT('MYCTX','KEY')
PL/SQL procedure successfully completed.
SYS_CONTEXT('MYCTX','KEY')
Hth,
Vladimir M. Zakharychev
N-Networks, makers of Dynamic PSP(tm)
http://www.dynamicpsp.com

Received on Tue Jun 20 2006 - 12:24:36 CDT
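A minimal version of the globally accessed application context approach suggested in the reply above, as an added example that is not part of the original post. The names key_ctx, key_ctx_pkg and set_key and the sample key value are hypothetical, and the key is assumed to have already been fetched from LDAP by the caller.

```sql
-- Added example. Run as a user holding CREATE ANY CONTEXT
-- (the privilege granted to scott in the session above).

-- A context can only be written through the package named in USING.
-- ACCESSED GLOBALLY keeps the values in instance memory, shared by sessions.
CREATE OR REPLACE CONTEXT key_ctx USING key_ctx_pkg ACCESSED GLOBALLY;

CREATE OR REPLACE PACKAGE key_ctx_pkg AS
  -- p_hex_key: key material, hex-encoded because context values are VARCHAR2.
  PROCEDURE set_key(p_hex_key IN VARCHAR2);
END key_ctx_pkg;
/

CREATE OR REPLACE PACKAGE BODY key_ctx_pkg AS
  PROCEDURE set_key(p_hex_key IN VARCHAR2) IS
  BEGIN
    -- username and client_id are left at their NULL defaults, so the value
    -- is not restricted to one user name or client identifier.
    DBMS_SESSION.SET_CONTEXT(
      namespace => 'key_ctx',
      attribute => 'key',
      value     => p_hex_key);
  END set_key;
END key_ctx_pkg;
/

-- Session 1: load the key once (constructed sample value, not a real key).
BEGIN
  key_ctx_pkg.set_key('00112233445566778899AABBCCDDEEFF');
END;
/

-- Session 2 (a new connection): the value is visible without another LDAP call.
SELECT SYS_CONTEXT('key_ctx', 'key') AS key_hex FROM dual;
```

The value is held in instance memory rather than in a table, so it has to be reloaded after an instance restart. As written, any session that queries SYS_CONTEXT on this namespace can read it; the username and client_id parameters of DBMS_SESSION.SET_CONTEXT narrow that visibility.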