How do I use both TDE column encryption with hardware keys and TDE tablespace encryption with software wallet keys at the same time?
With Oracle Database 11gR1, only the master key for TDE column encryption can be fully managed in an HSM device (create, store, rotate, destroy); with Oracle 11.1.0.7, the master key for tablespace encryption can be created and stored, but not rotated, in an HSM device. If you want to use both TDE column encryption (with an HSM-based master key) and TDE tablespace encryption (with a wallet-based master key), the command to open the HSM wallet:

    SQL> alter system set encryption wallet open identified by "HSM_authentication_string";

needs to open both the HSM wallet and the software wallet. Since both wallets need to be open, users can either generate an auto-open wallet to use for TDE tablespace encryption (keep the encryption wallet; it is required for master key re-key operations later, and potentially contains a list of retired master keys), or change the password for the software wallet to "HSM_authentication_string" using Oracle Wallet Manager. Additionally, the ‘(DIRECTORY=