top of page

Transparent Data Encryption (TDE) in oracle 12c

What is TDE?

  • Oracle Transparent Data Encryption (TDE) enables to encrypt sensitive application data on storage .

  • As the name suggest ,the data is completely transparent to the application.

  • TDE column encryption was introduced in Oracle Database 10g Release 2.

  • TDE tablespace encryption and the support for hardware security modules (HSM) were introduced in Oracle Database 11gR1.

  • TDE is protecting the data at rest.

  • It is encrypting the data in the datafiles so that in case the storage media are stolen or accessed unauthorized way , will not be possible to access the clear text data.

  • TDE uses a two tier encryption key architecture .Those consists of:

  1. Master Encryption key :This encryption key is used to encrypt secondary keys used for column encryption and tablespace encryption .

2. Table(column) and/or tablespace keys : These keys are used to encrypt one or more specific columns in a table or to encrypt tablespaces.

  • The table and tablespace keys are encrypted using the master key stored in an external security module (ESM) .

  • The ESM can be

- an Oracle Wallet : a secure container outside of the database protected with password

- Hardware Security Module (HSM) :a device used to secure keys and perform cryptographic operations.

Note: Starting from 12.1 ,we can migrate the TDE master keys from the Oracle wallet to a HSM and vice verse .

168 views0 comments

Recent Posts

See All

Source: Node1 ( Target: Node2 ( From Node1 we will setup passwordless SSH to Node2 and vice verse. 1- Login to Node1 as the same user on which the password less SSH is required

#oracle #ASM #controlfile #multiplexing #oracle19c It is a best practice for any database to have controlfile as well as redolog file to be multiplexed . This helps during any disk failure to keep one

In the previous post we saw how to upgrade OMS from 13.2 to 13.4 version .(Click Here) Once OMS is upgraded we have to upgrade the agents running in the servers which are monitored by OEM . This whole

bottom of page