Skip to Main Content
  • Questions
  • DBMS_CRYPTO how to obtain a key from a OS file

Breadcrumb

May 4th

Question and Answer

Connor McDonald

Thanks for the question, steve.

Asked: April 05, 2017 - 3:05 pm UTC

Last updated: April 07, 2017 - 2:20 am UTC

Version: 8.1.0.3

Viewed 1000+ times

You Asked

Tom,

Looking to use DBMS_CRYPTO to secure some sensitive data in the database. I'd like to hold my key in an OS file so looking at using UTL_FILE to extract the key.

The concern I have with this as a concept is that each time I want to decrypt a piece of CYPHERTEXT I need to open and process my OS file. Ideally I'd have something open the file and store my key in memory. Is there any concept here that I can use?

and Connor said...

Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

TDE as a solution

Steve Palmer, April 06, 2017 - 8:31 am UTC

Why not use TDE - we were planning to.
Another application working at our patch level 11.2.0.3 recently went live with TDE and hit an issue that caused an outage.
The advice from within our Oracle TDE DBA's is to not go live at less than 11.2.0.4 or above. We cannot do that within our time constraints. So we are looking at something bespoke until we can get Oracle patched and TDE delivered.
Connor McDonald
April 07, 2017 - 2:20 am UTC

As a temporary solution, you could read the OS file and store the information in a context variable.

But of course, if you *really* want security keys floating around in a memory resident area...then...well.... you probably want to be very very careful with how you manage that :-)

More to Explore

DBMS_CRYPTO

More on PL/SQL routine DBMS_CRYPTO here