Lopper

Reputation: 3537

Missing documentation for Oracle Database 11g TDE master key

I have looked through the whole set of "Oracle Database 11g Release 2 (11.2) Documentation" searching for the details of the master encryption key used for transparent data encryption (TDE) with HSM. There was only a single insignificant line out of the whole set of documentation that says it makes use of AES.

What surprised me was that no mention was made of the AES mode (CBC, ECB, etc.) or the key length for the master key generated using the following command, when it could have been important information for most. Did I miss something? Does anybody have any ideas?

SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "user_Id:password";

Upvotes: 1

Views: 577

Answers (3)

OracleTDEandOKV

Reputation: 31

Key encryption keys are always supposed to be equal to or longer than data encryption keys; hence TDE master keys are always the longest of AES, ARIA, SEED (only 128) and GOST. Furthermore, 3rd party HSMs are not supported by Oracle.

Upvotes: 0

Oscar

Reputation: 11

Get the Oracle Database Advanced Security Administrator Guide 11g R2 (E10746-02): http://www.foodpicky.com/download/docs/Oracle/Oracle_ASO_AdminGuide_11gR2_e10746.pdf

Upvotes: 1

Lopper

Reputation: 3537

The following answer is quoted from the Oracle Forum.

"Oracle TDE asks the HSM via PKCS#11 specifically to generate an AES256 key."

Upvotes: 1
