Hello,
I want to use TDE tablespace encryption on my database.
One part of my study is "how can I manage my master key": my security officer asks me to change the key regularly.
I read in the Oracle documentation (https://docs.oracle.com/cd/E11882_01/network.112/e40393/asotrans.htm#ASOAG9525 §8.2.2.1) that space in the wallet is limited, so I can't change the master key at too short an interval.
- My first question is: how many master keys can I put in a wallet before reaching the limit?
And what should I do when this limit is reached?
Note: is it different if I use an HSM?
- My second question is about performance and how the data is encrypted in the tablespace.
If I am right, there is a master key in the wallet and a tbs key in the datafile header.
When I modify the master key in the wallet, I guess that a new key is generated in the datafile header.
But what happens to the data: are the blocks of the tbs encrypted with this new key?
And is there an increase in CPU usage when the new keys are generated?
Thank you for your answer
Cordially
Rodolphe