OKV: Is TDE master encryption key exposed when cached in memory?
(Doc ID 2230560.1)
Last updated on APRIL 06, 2020
Applies to:
Oracle Key Vault - Version 22.214.171.124 and later
Advanced Networking Option - Version 126.96.36.199 and later
Information in this document applies to any platform.
As per the documentation at http://docs.oracle.com/cd/E25054_01/network.1111/e10746/asotrans.htm#BABGHIDE:
3.2.6 Using Hardware Security Modules with TDE
A hardware security module (HSM) is a physical device that provides
secure storage for encryption keys. It also provides secure
computational space (memory) to perform encryption and decryption
operations. HSM is a more secure alternative to the Oracle wallet.
TDE can use HSM to provide enhanced security for sensitive data. An HSM
is used to store the master encryption key used for TDE. The key is
secure from unauthorized access attempts as the HSM is a physical device
and not an operating system file. All encryption and decryption
operations that use the master encryption key are performed inside the HSM.
"This means that the master encryption key is never exposed in insecure memory."
Is the TDE master encryption key exposed when cached in memory?