
Can all master encryption keys be stored in an HSM device?


TDE column encryption: Oracle Database 11.1.0.6 and later allows full key management for TDE column encryption master encryption keys in HSM devices, incl. migrating a master encryption key from Oracle Wallet to HSM. TDE tablespace encryption master encryption keys in Oracle 11.1.0.7 can be created and stored, but not rotated (re-keyed), in HSM devices, which also implies that migration of the TDE tablespace encryption master key from Oracle Wallet to HSM is not possible. HSMs cannot be used for TDE tablespace encryption master keys in 11.1.0.6. Full key management in HSM (and Oracle Wallet) for both TDE column encryption and TDE tablespace encryption is provided by the unified master encryption key in Oracle Database 11g Release 2; prior restrictions no longer apply. Customers who are already using TDE column encryption with 10gR2 and do not plan to use TDE tablespace encryption, can use the ‘migrate’ syntax of Oracle 11gR1 to transparently generate a new master key for their encrypte


TDE enables customers to store master keys in HSM to meet specific security regulations that may call for centralized key management using hardware-based key storage. Usage of HSM for storing the master keys is subject to certain conditions:

TDE column encryption: Oracle Database 11.1.0.6 and later allows full key management for TDE column encryption master encryption keys in HSM devices, incl. migrating a master encryption key from Oracle Wallet to HSM. TDE tablespace encryption master encryption keys in Oracle 11.1.0.7 can be created and stored, but not rotated (re-keyed), in HSM devices, which also implies that migration of the TDE tablespace encryption master key from Oracle Wallet to HSM is not possible. HSMs cannot be used for TDE tablespace encryption master keys in 11.1.0.6. Full key management in HSM (and Oracle Wallet) for both TDE column encryption and TDE tablespace encryption is provided by the unified master encryption key in Oracle Database 11g
