Key Management in Oracle Database 10g

You’ve learned the basics of how to use encryption and decryption, as well as how to generate keys. But that’s the easy part; for the most part, we’ve simply used Oracle’s supplied programs and built wrappers around them to get the job done. Now comes the more challenging aspect of the encryption infrastructure: managing the key. Our applications will need to have access to the key to decrypt the encrypted values, and this access mechanism should be as simple as possible. On the other hand, access should not be so simple that the key becomes accessible to hackers. A proper key management system balances the simplicity of key access against prevention of unauthorized access to the keys.

There are essentially three different types of key management:

  • A single key for the entire database

  • A different key for each row of tables with encrypted data

  • A combination approach

The following sections describe these different approaches to key management.

Tip

The discussions in this chapter use features of Oracle Database 10g, but the concepts apply equally well to Oracle9i Database, so if you are still using that version, you will still find this section helpful.
