Handling DBMS_CRYPTO_KEYS

  • From: Dave Morgan <oracle@xxxxxxxxxxx>
  • To: Oracle-L <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 08 Oct 2014 09:43:27 -0600

Hi All,
I am retrofitting encryption to some sensitive data using the DBMS_CRYPTO package, and my final issue appears to be securely managing the encryption key. I am not worried about physical key value escrow.

The setup is that all data and objects are owned by a restricted access DATA OWNER account. All data access is through other accounts with various levels of privilege.

The data owner account has the following package with the following private members:

        FUNCTION DECRYPT_TEXT (ENCRYPT_TEXT_IN VARCHAR2) RETURN VARCHAR2;
        FUNCTION ENCRYPT_TEXT (PLAIN_TEXT_IN VARCHAR2) RETURN VARCHAR2;
        PROCEDURE LOAD_KEY (KEY_IN VARCHAR2);

The functions are used inline in custom views and a pre insert trigger. LOAD_KEY must be called before clients can access the data.

I can create a wrapped package with a single call to LOAD_KEY so the key is never in clear text and then call that on startup. However, if the data owner account is breached then the encryption is breached.

Would moving the decrypt function out of the data owner schema prevent meaningful access to the encrypted data by the owner schema?

Am I missing anything else?

TIA
Dave
--
Dave Morgan
Senior Consultant, 1001111 Alberta Limited
dave.morgan@xxxxxxxxxxx
403 399 2442