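Problem Description
Hi,
We would like to encrypt some on-premises Oracle databases.
If possible, we would like to avoid using a physical HSM or contracting with a third-party HSM cloud provider.
Is it possible to store the KEK in GCP or Azure and interface our on-premises databases with it?
I don't need technical details yet, just information about whether it is possible.
Thanks!
Olivier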
Expert Answer
This is from the TDE FAQ hosted here:
https://www.oracle.com/database/technologies/faq-tde.html
Can TDE store its master encryption key in an external device using the PKCS11 interface?
Starting in Oracle Database 11g Release 2, customers of Oracle Advanced Security Transparent Data Encryption (TDE) optionally may store the TDE master encryption key in an external device using the PKCS11 interface. In this setup, the master key is stored directly in the third-party device rather than in the included Oracle Wallet (note: the Oracle Wallet is a PKCS12 file-based keystore which is used by most TDE customers).
When using PKCS11, the third-party vendor provides the storage device, PKCS11 software client library, secure communication from the device to the PKCS11 client (running on the database server), authentication, auditing, and other related functionality. The vendor also is responsible for testing and ensuring high-availability of the TDE master encryption key in diverse database server environments and configurations. Customers should contact the device vendor to receive assistance for any related issues.
So, as long as your provider supports this, it should be possible.
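This article is reposted from ASKTOM. If you believe it infringes copyright, please email contact@modb.pro to report it and provide supporting evidence; once verified, Modb (墨天轮) will promptly remove the content.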