OKV: Is the TDE master encryption key exposed when cached in memory?
Last updated on AUGUST 11, 2017
Applies to: Oracle Key Vault - Version 18.104.22.168 and later
Advanced Networking Option - Version 22.214.171.124 and later
Information in this document applies to any platform.
As per the document http://docs.oracle.com/cd/E25054_01/network.1111/e10746/asotrans.htm#BABGHIDE
3.2.6 Using Hardware Security Modules with TDE
A hardware security module (HSM) is a physical device that provides
secure storage for encryption keys. It also provides secure
computational space (memory) to perform encryption and decryption
operations. HSM is a more secure alternative to the Oracle wallet.
TDE can use HSM to provide enhanced security for sensitive data. An HSM
is used to store the master encryption key used for TDE. The key is
secure from unauthorized access attempts as the HSM is a physical device
and not an operating system file. All encryption and decryption
operations that use the master encryption key are performed inside the HSM.
"This means that the master encryption key is never exposed in insecure memory."
Is the TDE master encryption key exposed when cached in memory?