Transparent Data Encryption (TDE) and HSM
658165 Mar 9 2009 — edited Jun 12 2009
Hello,
I have a question regarding TDE and HSM.
As far as I understood, the HSM (same with a wallet) only stores a master key, which is used to decrypt the table keys, which are stored encrypted inside the database; encryption and decryption of the user data take place inside memory using the decrypted table keys.
From the security perspective, security could be maximized if ALL encryption/decryption operations take place inside the HSM (i.e. even table keys are stored inside the HSM and never leave the HSM), although this may imply a performance problem. So my question: does Oracle TDE support this?
Thanks,
Ulf
Edited by: upietruschka on 09.03.2009 01:32