How To Generate A New Master Encryption Key for the TDE
Last updated on OCTOBER 25, 2017
Applies to:Advanced Networking Option - Version 18.104.22.168 to 22.214.171.124 [Release 11.2]
Advanced Networking Option - Version 10.2.0.3 to 126.96.36.199 [Release 10.2 to 11.2]
Information in this document applies to any platform.
Checked for relevance on 12-Jun-2013
In order to encrypt column data, Oracle uses a table encryption key which is unique for each table of the database. All the table encryption keys are encrypted using a master key and stored within the data dictionary. The master key is kept in a container outside of the database which can be either a file ( a PKCS#12 wallet ) or a Hardware Security Module (HSM) . To keep the system secure, one has to regenerate the master key periodically.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms