Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security >> 10g Oracle Wallet vs Key Management
(Message started by: Pete Finnigan on Nov 23rd, 2005, 12:21am)

Title: 10g Oracle Wallet vs Key Management
Post by Pete Finnigan on Nov 23rd, 2005, 12:21am
Does anyone know if Oracle provides hooks into the Transparent Data Encryption (TDE) so that we can plug in our own key management using an HSM?

I note that the Advanced Security Guide enables a new wallet to be created using PKCS #11.  However, it looks like it just uses PKCS #11 to copy the key into Oracle's static wallet file.  Is there a way to have it use PKCS #11 to retrieve the key each time it needs it and so not store it anywhere locally?

More usefully, is it possible to have Oracle delegate all encryption to the HSM itself?  I.e., instead of using its own encryption algorithms, it would send the plain text to the HSM, and then have the HSM return the encrypted data.  In this way the key never leaves the HSM.

Thanks again,

Anthony


