databaseoracle-databasesecuritycryptographyutl-file

What is the recommended way to encrypt in Oracle?


I need some help from Oracle/Security experts.

I'm going to make functions for encryption/decryption in our Oracle DB. I intend to use dbms_crypto with AES256. I understand that I should store the key file in the O/S and read it using utl_file.

Is this a good idea? Are there any problems with this approach? E.g. Can utl_file have problems if the key file is read concurrently by 10 callers of the function? Is anything else recommended instead?

I'm sure that this is a very common thing. Does anyone know where I can find a good sample that does this?

Since this is security-related, I would prefer to follow some standard that others are following.


Solution

  • If you have Oracle Advanced Security in your Oracle Database Enterprise Edition, you already have transparent data encryption (TDE) of data stored in the database.Take a look:

    http://download.oracle.com/docs/cd/B19306_01/network.102/b14268/asotrans.htm

    You can check out also this link:

    http://www.oracle-base.com/articles/10g/TransparentDataEncryption_10gR2.php

    Summarizing the last page:

    You must create and opne the wallet:

    CONN sys/password AS SYSDBA
    ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "myPassword";
    

    Then you can create your tables with the desired columns encrypted or not:

    CREATE TABLE tde_test (
      id    NUMBER(10),
      data  VARCHAR2(50) ENCRYPT
    )
    TABLESPACE tde_test;
    

    I hope this help you.