
Re: Protecting the encryption key from the DBA

From: Maxim Demenko <mdemenko_at_gmail.com>
Date: Wed, 20 Jul 2005 21:38:23 +0200
Message-ID: <dbm97a$4en$04$1@news.t-online.com>


Frank van Bortel wrote:
> DA Morgan wrote:
>
>> Pratap wrote:
>>
>>> Unfortunately Transparent Data Encryption in 10gR2 is still in beta.
>>
>> Beta is over. Downloadable at http://otn.oracle.com
>
> Well, I could NOT get TDE to work...
> Story at
> http://vanbortel.blogspot.com/2005/07/10g-release-2-buggy-install-scripts.html
> and below that;
> comments, suggestions, corrections most welcome

I suppose you got it to work. It is not clearly stated in the documentation (at least, I haven't seen it; of course, I did not read it that carefully), but in
http://www.oracle.com/technology/obe/10gr2_db_vmware/security/tde/tde.htm there was a little bit more information:
<quote>
Application logic performed through SQL will continue to work without modification. In other words, applications can use the same syntax to insert data into an application table and the Oracle database will automatically encrypt the data before writing the information to disk. Subsequent select operations will have the data transparently decrypted so the application will continue to work normally. This is important because existing applications generally expect to see application data unencrypted. Displaying encrypted data may, at a minimum, confuse the application user and may even break an existing application. </quote>

After that I made a dump of an encrypted table block and subsequently of the decrypted one.
Here they are:

Encrypted:

Dump of memory from 0x0CC12C00 to 0x0CC14C00

CC12C00 0000A206 01000050 00062998 06030000  [....P....)......]
CC12C10 0000CA75 00000001 0000C7D8 00062991  [u............)..]
CC12C20 00000000 00320002 01000049 000A0001  [......2.I.......]
CC12C30 000000DF 008005DA 0005005E 00002001  [........^.... ..]
CC12C40 00062998 00000000 00000000 00000000  [.)..............]
CC12C50 00000000 00000000 00000000 00000000  [................]
CC12C60 00000000 00010100 0014FFFF 1F491F5D  [............].I.]
CC12C70 00001F49 1F5D0001 00000000 00000000  [I.....].........]
CC12C80 00000000 00000000 00000000 00000000  [................]
         Repeat 499 times
CC14BC0 02012C00 3402C102 EDE7161B 5DA564F3  [.,.....4.....d.]]
CC14BD0 6D1CEE34 2DF13D3E F6A88FE7 B18237AB  [4..m>=.-.....7..]
CC14BE0 4AB00941 5D745401 B0885825 295B1471  [A..J.Tt]%X..q.[)]
CC14BF0 98C3B749 8D3249B8 11AF6435 29980603  [I....I2.5d.....)]

Decrypted:

Dump of memory from 0x0CC12C00 to 0x0CC14C00

CC12C00 0000A206 01000050 00062C36 02010000  [....P...6,......]
CC12C10 00000000 00000001 0000C7D8 00062C31  [............1,..]
CC12C20 00000000 00320002 01000049 000A0001  [......2.I.......]
CC12C30 000000DF 008005DA 0005005E 00008000  [........^.......]
CC12C40 00062998 00160007 000000F4 008002F2  [.)..............]
CC12C50 0037006D 002F2001 00062C36 00000000  [m.7.. /.6,......]
CC12C60 00000000 00010100 0014FFFF 1F491F51  [............Q.I.]
CC12C70 00001F78 1F510001 00000000 00000000  [x.....Q.........]
CC12C80 00000000 00000000 00000000 00000000  [................]
         Repeat 498 times
CC14BB0 00000000 02022C00 0502C102 6978614D  [.....,......Maxi]
CC14BC0 02002C6D 3402C102 EDE7161B 5DA564F3  [m,.....4.....d.]]
CC14BD0 6D1CEE34 2DF13D3E F6A88FE7 B18237AB  [4..m>=.-.....7..]
CC14BE0 4AB00941 5D745401 B0885825 295B1471  [A..J.Tt]%X..q.[)]
CC14BF0 98C3B749 8D3249B8 11AF6435 2C360601  [I....I2.5d....6,]

The only encrypted value was "Maxim". Also, as I understand it, TDE doesn't present encrypted data through SQL (decrypting on the fly), but encrypts it in the data files... Maybe not exactly the feature many people have expected, but I find it not so bad. And for encrypted representation via SQL we still have DBMS_CRYPT.

Best regards

Maxim

Received on Wed Jul 20 2005 - 14:38:23 CDT
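
The comparison made in the post, as an added example that is not part of the original message: a Python check that parses block dumps in the format shown above, expands the `Repeat N times` lines, and searches the reconstructed bytes for a known plaintext, so a value that straddles two dump lines (as "Maxim" does) is still found. The sample dumps are excerpts of the lines quoted in the post; the function names and the little-endian host are assumptions.

```python
import re
import struct

ROW = re.compile(r"^([0-9A-F]+)((?:\s+[0-9A-F]{8}){4})\s+\[", re.I)
REPEAT = re.compile(r"^Repeat (\d+) times", re.I)

# Excerpts of the two dumps quoted in the post (tail of the block only).
ENCRYPTED = """\
CC12C80 00000000 00000000 00000000 00000000  [................]
         Repeat 499 times
CC14BC0 02012C00 3402C102 EDE7161B 5DA564F3  [.,.....4.....d.]]
CC14BD0 6D1CEE34 2DF13D3E F6A88FE7 B18237AB  [4..m>=.-.....7..]
"""
DECRYPTED = """\
CC12C80 00000000 00000000 00000000 00000000  [................]
         Repeat 498 times
CC14BB0 00000000 02022C00 0502C102 6978614D  [.....,......Maxi]
CC14BC0 02002C6D 3402C102 EDE7161B 5DA564F3  [m,.....4.....d.]]
CC14BD0 6D1CEE34 2DF13D3E F6A88FE7 B18237AB  [4..m>=.-.....7..]
"""


def dump_to_rows(text):
    """Parse a dump into {address: 16 bytes}, expanding 'Repeat N times'."""
    rows, last = {}, None
    for line in map(str.strip, text.splitlines()):
        m, r = ROW.match(line), REPEAT.match(line)
        if m:
            last = int(m.group(1), 16)
            # Words are printed as 32-bit values; packing them little-endian
            # restores memory byte order (assumption: little-endian host).
            rows[last] = struct.pack("<4I", *(int(w, 16) for w in m.group(2).split()))
        elif r and last is not None:
            for _ in range(int(r.group(1))):
                rows[last + 16] = rows[last]
                last += 16
    return rows


def find_plaintext(text, needle):
    """Addresses where needle occurs; matches may straddle dump lines."""
    rows, hits, start, buf = dump_to_rows(text), [], None, b""
    for addr in sorted(rows) + [None]:
        if start is None or addr is None or addr != start + len(buf):
            pos = buf.find(needle)  # flush the contiguous run collected so far
            while pos != -1:
                hits.append(start + pos)
                pos = buf.find(needle, pos + 1)
            start, buf = addr, b""
        if addr is not None:
            buf += rows[addr]
    return hits
```

Calling `find_plaintext(DECRYPTED, b"Maxim")` reports the address of the clear-text value, while the same search over `ENCRYPTED` returns no hits.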
