Administration
CipherTrust Application Key Management (CAKM) for Oracle Transparent Data Encryption (TDE) provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Oracle TDE.
The advantages of using the CipherTrust Manager are:
Provides additional security by separating administrative access. For example, the system can be set up so that the CipherTrust Application Data Protection Security Administrator can access only the keys, while the database administrator can access only the database.
Helps achieve compliance with PCI security standards.
Provides centralized storage and management of encryption keys.
The table and tablespace keys are encrypted using the master key. The master key is stored in an External Security Module (ESM) that can be one of the following:
Oracle Wallet: Provides a secure container outside the database. It is encrypted with a password.
CipherTrust Manager: Provides a secure location for storing the TDE master encryption key (MEK) outside the database host. Oracle interfaces with the CipherTrust Manager through the CAKM for Oracle TDE library.
The following diagram shows the integration:
Prerequisites
Ensure that:
The CipherTrust Manager is installed and configured. Refer to the CipherTrust Manager documentation for details.
A user with the CA Admins and Read-Only Admins permissions exists on the CipherTrust Manager. This user is required when installing CAKM for Oracle TDE.
The NAE-XML interface is configured on the CipherTrust Manager. Refer to the CipherTrust Manager documentation for details.
The port configured on the NAE-XML interface is reachable from the client (database) machine. Check this from the client itself, since host firewalls and network ACLs between the database host and the CipherTrust Manager are a common cause of installation failures.
The connector license is activated on the CipherTrust Manager. Refer to the CipherTrust Manager documentation for details.
Oracle Database is installed on the target machine.
On the AIX platform, the following modules, along with their dependencies, must be installed:
libgcc_s.a
libstdc++.a
Tip
Consider an example where you need to download libgcc6 and libstdc++6 for AIX 7.2 from the following link:
https://www.ibm.com/support/pages/aix-toolbox-open-source-software-downloads-date
You can install these RPMs using the command rpm -Uvh <package_name>.
Example:
rpm -Uvh libgcc6-6.3.0-2.aix7.2.ppc.rpm
rpm -Uvh libstdcplusplus6-6.3.0-2.aix7.2.ppc.rpm
After installing the RPMs, check whether the libgcc_s.a and libstdc++.a modules are available inside /usr/lib/. If they are not found, create a soft link to these libraries from /opt/freeware/lib/. Note that the directory under /opt/freeware/lib/gcc/ contains the platform triple and the GCC major version (powerpc-ibm-aix7.2.0.0/6 in the example), so adjust the path to match the RPM version you installed, and run the commands as root because /usr/lib/ is not writable by other users.
Example:
ln -s /opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/6/libgcc_s.a /usr/lib/
ln -s /opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/6/libstdc++.a /usr/lib/
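As an added example (not part of the Thales documentation), the following POSIX shell script performs the library check described in the tip above. Instead of hard-coding /opt/freeware/lib and /usr/lib it takes the search root and destination directory as parameters, and it locates each library under the versioned gcc subdirectory with find rather than assuming the powerpc-ibm-aix7.2.0.0/6 path. The function names and this parameterisation are assumptions of the example; the library names are the ones the prerequisites list.

```shell
#!/bin/sh
# Added example, not part of the CAKM for Oracle TDE documentation:
# make sure the GCC runtime libraries CAKM needs are visible in the
# system library directory, linking them from the AIX Toolbox install
# location when they are absent. Directories are parameters so the
# logic can be exercised outside AIX.

# ensure_lib NAME SEARCH_ROOT DEST_DIR
# Returns 0 when NAME is present in DEST_DIR (already, or after linking
# the first copy found under SEARCH_ROOT); returns 1 when no copy exists.
ensure_lib() {
    name="$1"; root="$2"; dest="$3"
    if [ -e "$dest/$name" ]; then
        echo "$name: already present in $dest"
        return 0
    fi
    # The Toolbox path embeds the platform triple and GCC version
    # (e.g. /opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/6), so search
    # for the file instead of hard-coding that directory.
    src=$(find "$root" -name "$name" 2>/dev/null | head -n 1)
    if [ -z "$src" ]; then
        echo "$name: not found under $root; install the libgcc/libstdc++ RPMs first" >&2
        return 1
    fi
    ln -s "$src" "$dest/$name" || return 1
    echo "$name: linked $dest/$name -> $src"
    return 0
}

# check_cakm_libs SEARCH_ROOT DEST_DIR
# Checks both modules the prerequisites list; returns 0 only if both
# are present (or were linked) in DEST_DIR.
check_cakm_libs() {
    rc=0
    for lib in libgcc_s.a libstdc++.a; do
        ensure_lib "$lib" "$1" "$2" || rc=1
    done
    return $rc
}

# On the AIX database host, run as root:
#   check_cakm_libs /opt/freeware/lib /usr/lib
```

Because the function links the first match it finds, review the printed target when more than one GCC version is installed under /opt/freeware/lib, so that the link points at the runtime you actually intend CAKM to load.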
Integrating Oracle TDE with CipherTrust Manager
To integrate Oracle TDE with the CipherTrust Manager: