OKV: Is TDE Primary encryption key exposed when cached in memory ? (Doc ID 2230560.1)

Last updated on AUGUST 08, 2022

Applies to:

Oracle Key Vault - Version 12.2.0.0 and later
Advanced Networking Option - Version 11.2.0.1 and later
Information in this document applies to any platform.

Goal

As per the document http://docs.oracle.com/cd/E25054_01/network.1111/e10746/asotrans.htm#BABGHIDE

3.2.6 Using Hardware Security Modules with TDE

A hardware security module (HSM) is a physical device that provides
secure storage for encryption keys. It also provides secure
computational space (memory) to perform encryption and decryption
operations. HSM is a more secure alternative to the Oracle wallet.

TDE can use HSM to provide enhanced security for sensitive data. An HSM
is used to store the master encryption key used for TDE. The key is
secure from unauthorized access attempts as the HSM is a physical device
and not an operating system file. All encryption and decryption
operations that use the master encryption key are performed inside the HSM.

"This means that the Primary encryption key is never exposed in insecure memory."

Is TDE Primary encryption key exposed when cached in memory ?

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

OKV: Is TDE Primary encryption key exposed when cached in memory ? (Doc ID 2230560.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!