Title: RE: Encryption - Question about the key

Jared + Ragendra,

One option that you might have is to use a Host Security Module (HSM) such as those from Thales or Eracomm (cheaper PC-based card, ~$2000 AUD).  Essentially this is a piece of cryptographic hardware connected to your host that performs cryptographic functions and key management.

In terms of key management (which is what you were asking about), the keys reside within the memory of the HSM and can be loaded in component form, meaning that a key is split between a number of people so that no one person knows all of the key.  The memory is typically non-volatile, so you don't have to load the keys each time you re-boot.  And most HSMs have a motion detector that will clear the keys from memory if the unit is moved.

When performing encryption functions the keys never leave the HSM.  An application calls a crypto function with the data that it wants to encrypt (for example) and the NAME of the key to use.  The HSM performs the encryption and returns the encrypted data.  Thus, the keys are never stored in the clear within the application's memory.

Now, I'm not too sure how you will get this integrated with Oracle.  Typically it is the application that interfaces with the HSM.  Who knows, you might find a product; I'd be interested in hearing about it if you do.

Cheers,
Craig.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 19 December 2001 6:56 AM
To: Multiple recipients of list ORACLE-L
Subject: Re: Encryption - Question about the key
Welcome to the security conundrum.

When it comes right down to it, there has to be someone
you can trust to have the keys to the kingdom.

Create a separate Oracle account with a single table
with one row in it;  your key.  Create a package containing
a function that can use the key to encrypt/decrypt data.

Grant 'execute' on the package to the application account
or users that are trusted to use it.

Users can decrypt and encrypt data only by the interface
you provide.  Since they don't have the key, the data
cannot be decrypted outside of the database, and false
encrypted data cannot be inserted into the database
without going through your interface.

This gives you the opportunity to examine any data
inserted into encrypted columns if you like in the event
that you could identify obviously false data.

I'm not a security expert, this is just where I would start
with really sensitive data, and then try to find ways to
break the security.

When it comes down to it though, you still have to know
who you can trust.

Jared
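The design Jared sketches above (a dedicated schema holding a one-row key table, a package that does the encrypt/decrypt, and only EXECUTE granted to the application) written out as Oracle SQL and PL/SQL. This is an added example, not code from the thread. It assumes Oracle 10g or later for DBMS_CRYPTO (in 2001 the equivalent package was DBMS_OBFUSCATION_TOOLKIT); the schema names KEYOWNER and APP_USER and the package name ENC_PKG are hypothetical. It goes slightly beyond the post by prefixing each ciphertext with a random IV so that equal plaintexts do not encrypt to equal values.

```sql
-- Added example (not from the thread). Assumes Oracle 10g+ (DBMS_CRYPTO).
-- KEYOWNER, APP_USER and ENC_PKG are hypothetical names. Run as a DBA.

-- 1. A dedicated schema that nothing but the package touches.
CREATE USER keyowner IDENTIFIED BY "use-a-long-random-password-here";
GRANT CREATE SESSION, CREATE TABLE, CREATE PROCEDURE TO keyowner;
ALTER USER keyowner QUOTA 1M ON users;
GRANT EXECUTE ON SYS.DBMS_CRYPTO TO keyowner;

-- 2. The one-row key table, owned by KEYOWNER.
CREATE TABLE keyowner.crypto_key (
  id   NUMBER(1) PRIMARY KEY CHECK (id = 1),   -- forces a single row
  key  RAW(32)   NOT NULL                       -- 256-bit AES key
);

-- Generate the key inside the database so it is never typed or logged.
INSERT INTO keyowner.crypto_key (id, key)
VALUES (1, DBMS_CRYPTO.RANDOMBYTES(32));
COMMIT;

-- 3. Definer's-rights package (the default): callers run it with
--    KEYOWNER's privileges, so they can use the key without being
--    able to SELECT it.
CREATE OR REPLACE PACKAGE keyowner.enc_pkg AS
  FUNCTION encrypt_text (p_clear  IN VARCHAR2) RETURN RAW;
  FUNCTION decrypt_text (p_cipher IN RAW)      RETURN VARCHAR2;
END enc_pkg;
/

CREATE OR REPLACE PACKAGE BODY keyowner.enc_pkg AS
  c_alg CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                              + DBMS_CRYPTO.CHAIN_CBC
                              + DBMS_CRYPTO.PAD_PKCS5;

  FUNCTION get_key RETURN RAW IS
    l_key RAW(32);
  BEGIN
    SELECT key INTO l_key FROM crypto_key WHERE id = 1;
    RETURN l_key;
  END get_key;

  -- Output is a fresh random 16-byte IV followed by the ciphertext.
  FUNCTION encrypt_text (p_clear IN VARCHAR2) RETURN RAW IS
    l_iv RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
  BEGIN
    RETURN UTL_RAW.CONCAT(
             l_iv,
             DBMS_CRYPTO.ENCRYPT(
               src => UTL_I18N.STRING_TO_RAW(p_clear, 'AL32UTF8'),
               typ => c_alg,
               key => get_key,
               iv  => l_iv));
  END encrypt_text;

  -- Split the IV back off the front and decrypt the remainder.
  FUNCTION decrypt_text (p_cipher IN RAW) RETURN VARCHAR2 IS
    l_iv   RAW(16)   := UTL_RAW.SUBSTR(p_cipher, 1, 16);
    l_body RAW(2000) := UTL_RAW.SUBSTR(p_cipher, 17);
  BEGIN
    RETURN UTL_I18N.RAW_TO_CHAR(
             DBMS_CRYPTO.DECRYPT(
               src => l_body,
               typ => c_alg,
               key => get_key,
               iv  => l_iv),
             'AL32UTF8');
  END decrypt_text;
END enc_pkg;
/

-- 4. Only EXECUTE on the package is granted; nothing on the table.
GRANT EXECUTE ON keyowner.enc_pkg TO app_user;

-- 5. From APP_USER: store keyowner.enc_pkg.encrypt_text('...') in a
--    RAW column and read it back through decrypt_text. A direct
--    SELECT key FROM keyowner.crypto_key fails with ORA-00942
--    because APP_USER has no privilege on the table.
```

Two caveats a practitioner would add to Jared's "who you can trust" point: the package only hides the key from accounts that hold nothing but EXECUTE on it, so any account with SELECT ANY TABLE or SYSDBA (that is, the DBAs) can still read KEYOWNER.CRYPTO_KEY, and the key also lives in clear in the datafiles and in any backups of them. That is exactly the gap Craig's HSM suggestion above is meant to close.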