OKV: Is TDE master encryption key exposed when cached in memory? (Doc ID 2230560.1)

Last updated on AUGUST 11, 2017

Applies to:

Oracle Key Vault - Version 12.2.0.0 and later
Advanced Networking Option - Version 11.2.0.1 and later
Information in this document applies to any platform.

Goal

As per the document http://docs.oracle.com/cd/E25054_01/network.1111/e10746/asotrans.htm#BABGHIDE:

3.2.6 Using Hardware Security Modules with TDE

A hardware security module (HSM) is a physical device that provides
secure storage for encryption keys. It also provides secure
computational space (memory) to perform encryption and decryption
operations. HSM is a more secure alternative to the Oracle wallet.

TDE can use HSM to provide enhanced security for sensitive data. An HSM
is used to store the master encryption key used for TDE. The key is
secure from unauthorized access attempts as the HSM is a physical device
and not an operating system file. All encryption and decryption
operations that use the master encryption key are performed inside the HSM.

 

"This means that the master encryption key is never exposed in insecure memory."

Is the TDE master encryption key exposed when cached in memory?

Solution
