Encrypt Database export files
For years Oracle customers have found the import / export utilities a convenient way to move small amounts of data from one database to another. Oracle Data Pump 11g provides the ability to encrypt data as it is written to the export file, providing additional protection for credit card numbers and other sensitive business data.
Oracle Data Pump can easily encrypt an entire export file using one of these three methods:
|Local TDE master encryption key|
|Hybrid: Passphrase and local TDE master encryption key|
Using Oracle Transparent Data Encryption, Oracle Data Pump uses the TDE master encryption key either from the Oracle Wallet or a Hardware Security Module (HSM).
Using a passphrase, Oracle Data Pump uses the passphrase supplied on the command line as the key for the encryption algorithm. This is beneficial if the export file is to be imported into another database, where the matching master encryption key is not available, but the temporary passphrase can be shared with the receiving site.
If using both passphrase and TDE master encryption key, the export file can be decrypted transparently if the TDE master encryption key is available, or by providing a passphrase. This is convenient when export files are to be imported back into the source database, and shipped off to other locations where the matching TDE master encryption key is not available, but the temporary passphrase can be shared with the receiving site.
Oracle Data Pump supports the AES encryption standard with 256, 192 or 128 bit key lenght.
Oracle Data Pump command line parameters can be used to specify the granularity of data encryption in the export file. For example, Data Pump can be instructed to encrypt all information or only those columns currently encrypted using Oracle Transparent Data Encryption.
For more information on Oracle Data Pump encryption, please refer to the Oracle Database Utilities documentation.