Transparent Data Encryption (Oracle)

Oracle 10gR2 provides Transparent Data Encryption (TDE), encryption that is transparent for the user.

Context

When encrypting a column, Oracle creates an encryption key for the parent table and encrypts text data in the column with a user-specified encryption algorithm. The table key is encrypted using a master key and placed in the data dictionary.

The master key is stored in a secure location called a wallet, which can be a file on the database server. When a user enters data into an encrypted column, Oracle retrieves the master key from the wallet, decrypts the table key from the data dictionary, and uses it to encrypt the new data.

Note In order to access the master key used to encrypt the table keys, you must create a master password to open the wallet. To do this, right-click the model in the Browser, and select Properties. Click the Oracle tab, and enter your wallet password in the Password Encryption field. Click OK to return to the model. The password will be used to create alter statements for opening and closing the wallet.

You can create one or more encrypted column in one or more tables. You can specify the encryption algorithm to be used, but all columns in a particular table must use the same algorithm. If you create a second encrypted column in a table, and specify a different algorithm, the last specified algorithm will be used for all columns in the table.

Procedure

Create a column and open its property sheet.
On the General tab, specify any of the following types, which support encryption:
- CHAR, NCHAR, VARCHAR2, and NVARCHAR2
- DATE and TIMESTAMP
- INTERVAL DAY TO SECOND and YEAR TO MONTH
- NUMBER
- RAW
Click the Oracle tab and select the Encryption checkbox.
Select an encryption algorithm from the list.
[optional] Select the With salt checkbox in order to add some random bits to the encryption key.
Click OK to complete the column definition.