How To Generate A New Master Encryption Key for the TDE

(Doc ID 445147.1)

Last updated on OCTOBER 25, 2017

Applies to:

Advanced Networking Option - Version 11.2.0.4 to 11.2.0.4 [Release 11.2]
Advanced Networking Option - Version 10.2.0.3 to 11.2.0.2 [Release 10.2 to 11.2]
Information in this document applies to any platform.
Checked for relevance on 12-Jun-2013



Goal

In order to encrypt column data, Oracle uses a table encryption key which is unique for each table of the database. All the table encryption keys are encrypted using a master key and stored within the data dictionary. The master key is kept in a container outside of the database which can be either a file ( a PKCS#12 wallet ) or a Hardware Security Module (HSM) . To keep the system secure, one has to regenerate the master key periodically.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms