Oracle Advanced Security - Transparent Data Encryption

Transparent Data Encryption

Oracle Database 10g Release 2 Transparent Data Encryption (included in Oracle Advanced Security) makes encryption of sensitive data simple by transparently encrypting data when it is written to disk and decrypting it when it is read back to the authorized user. Applications that display credit card numbers for further processing by a clerk don't have to be modified, and authorized users generally won't even notice that the data has been encrypted on the storage media.

After only 4 easy steps, your sensitive data will be protected by Transparent Data Encryption.

While data encryption should not be used as a substitute for access control, storing data encrypted does provide an additional layer of protection on storage media. This helps protect sensitive data such as credit card numbers in the event of media theft. Media theft can occur due to poor physical security, operating system configuration or backup processes.

Transparent Data Encryption Announcements
  • SAP validation with Transparent Data Encryption has been completed:
    • SAP 640 kernel, for example: SAP R/3 4.7 Enterprise, NW2004, ECC5.0, BW 3.5, etc.
    • SAP 700 kernel and later, for example: ERP2005, NW2004s, ECC6.0, BI 7.0, etc.
    SAP customers and partners can refer to note 974876.
  • Oracle E-Business Suite validated with Transparent Data Encryption:
    • Available for E-Business Suite 11.5.9 with Consolidated Update 2 or higher (Details)

For backward compatibility, both the DBMS_OBFUSCATION_TOOLKIT and the newer, more powerful DBMS_CRYPTO package are still available with Oracle Database 10g Release 2.

| Package Feature | DBMS_OBFUSCATION_TOOLKIT (Oracle8i and Oracle9i) | DBMS_CRYPTO (Oracle 10g and 10g R2) | Transparent Data Encryption (Oracle 10g R2 Adv. Sec. Option) |
|---|---|---|---|
| Cryptographic algorithms | DES, 3DES | DES, 3DES, AES, RC4, 3DES_2KEY (1) | 3DES, AES (128, 192, and 256 bit) |
| Padding forms | none supported | PKCS5, zeroes | PKCS5 (2) |
| Block cipher chaining modes | CBC | CBC, CFB, ECB, OFB | CBC (2) |
| Cryptographic hash algorithms | MD5 | SHA-1, MD4 (1), MD5 (1) | SHA-1 (2) |
| Keyed hash (MAC) algorithms | none supported | HMAC_MD5, HMAC_SH1 | n/a |
| Cryptographic pseudo-random number generator | RAW, VARCHAR2 | RAW, NUMBER, BINARY_INTEGER | n/a |
| Database types | RAW, VARCHAR2 | RAW, CLOB, BLOB | All but: OBJ., ADT, LOB |

(1) Provided for backward compatibility; do not use.
(2) Used internally; not available to the developer.

California Senate Bill 1386 (SB 1386) requires you to notify your customers when unencrypted personally identifiable information (PII), or encrypted PII together with an encryption key, has been compromised, but it does not specify the encryption method required. This document highlights the best practices for SB 1386 compliance.


Technical Information

Frequently Asked Questions Mar. 2008
Oracle Advanced Security 10g R2 Datasheet June 2006
Oracle Magazine: Encrypt Your Data Assets

Hands-On:

Using Transparent Data Encryption
 