Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle 10g security. Using certificates?

Re: Oracle 10g security. Using certificates?

From: Vladimir M. Zakharychev <vladimir.zakharychev_at_gmail.com>
Date: 28 Jun 2006 21:42:39 -0700
Message-ID: <1151556159.573058.28350@b68g2000cwa.googlegroups.com> 






nkunkov_at_escholar.com wrote:


> Vladimir M. Zakharychev wrote:

> > nkunkov_at_escholar.com wrote:

> > > Hello,

> > > I have an assignment that i don't know where to begin. Hope you can

> > > give me some direction.

> > > I'm running Oracle 10g. I'm using DBMS_CRYPTO.ENCRYPT to do some

> > > encryption in my own function. My encryption key is stored (hardcoded)

> > > within my function. My client doesn't like it for obvious reasons and

> > > asked me if this key could be stored in a "certificate database"

> > > whatever this term means. I think I need to have a security certificate

> > > which will give me access to my key. I don't know if Oracle has this

> > > kind of capability and I'm not sure where to look to learn about it.

> > > If you can give me some help here I'd greatly appreciate it.

> > > Thank you.

> > > NK

> >

> > If you run 10g Release 2 (10.2,) you will find that it supports

> > transparent data encryption and stores the key out of line

> > in a wallet. So search the docs for TDA and google this

> > group for some discussions about it.

> >

> > Other than that, I don't think that Oracle has any PKI API

> > exposed to PL/SQL developers for immediate use. You can

> > try Java for this. You can also store your keys outside the

> > database and read them using BFILEs or UTL_FILE,

> > and optionally encrypt that storage with some fixed, but

> > not explicitly hard-coded key (for example, one derived from

> > some immutable constants.)

> >

> > Brian Peasland also has a couple of white papers on

> > key security in Oracle at http://www.peasland.net, which

> > you may find helpful.

> >

> > Hth,

> >     Vladimir M. Zakharychev

> >     N-Networks, makers of Dynamic PSP(tm)

> >     http://www.dynamicpsp.com

>

>

> Vladimir,

> Thank you very much.  This was actually very helpful.

> Appreciate it.

> NK




Just re-read my post and figured I used a wrong acronym
for transparent data encryption. TDE is the right one. :)
Sorry for possible confusion.



Regards,


    Vladimir M. Zakharychev


    N-Networks, makers of Dynamic PSP(tm)
    http://www.dynamicpsp.com
Received on Wed Jun 28 2006 - 23:42:39 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US