Administration
Installing and Configuring CAKM for Oracle TDE
Installing CAKM for Oracle TDE on RHEL/Oracle Linux
Installing CAKM for Oracle TDE on Windows
Configuring CAKM for Oracle TDE
Integrating TDE with CipherTrust Manager on Oracle 19c
Integrating Oracle Data Guard with CipherTrust Manager on Oracle 19c
Integrating TDE with CipherTrust Manager on Oracle 19c Exadata Cloud@Customer (ExaCC) in Data Guard Setup
Performing Cryptographic Operations on Existing Tablespaces
Tasks
- Column and Tablespace Encryption
- Master Key Rotation
- Verify Master Key
- Activate Master Key Using Key Identifier
- Tracking the Opaque Object associated with the AES Key
- Identifying Process Name through Logs
Advanced Topics
- Configuring Properties File
- Creating Oracle TDE Authentication Credentials on CipherTrust Manager
- Using Domain with Oracle TDE
- Using LDAP User
- Key Caching
- Securing Credentials
- Setting up SSL/TLS
- Authenticating Client Certificate on CipherTrust Manager
- Update/Change HSM Keystore
- Upgrading CAKM for Oracle TDE Provider
- Uninstalling CAKM for Oracle TDE Provider
- Communication between CAKM for Oracle TDE and CipherTrust Manager
- Error Messages
Appendix

CAKM for Oracle TDE
Administration
Tasks
Tracking the Opaque Object associated with the AES Key
- Version 8.14.0
  - Version 8.14.0

Tracking the Opaque Object associated with the AES Key

This section explains how to track the Opaque object associated with AES Key for CAKM for Oracle TDE 8.14.0 and above. This helps you to track and audit the mapping between Opaque Object and AES key.

While rotating or creating a master key in CAKM for Oracle TDE, Oracle creates two objects on CipherTrust Manager:

AES Key
Opaque object

For more information on Opaque object and AES Key, click here.

How to track?

You can identify the key associated with the corresponding opaque object through the ALIASES and similarly, the Opaque object can be identified through the ALIASES of the associated Key.

Consider an example where the Opaque object and Key is created on CipherTrust Manager after rotating or creating a master key. Refer to the screen below.

In the above example, you can identify the Opaque object associated with the AES Key through its ALIASES and similarly, the AES key can be identified through the ALIASES of the associated Opaque object.

Important Points

For CAKM for Oracle TDE 8.13.0 and below (up to 8.11.0):

To identify the key associated with the Opaque object, convert the Hexadecimal value preceded by ORACLE.SECURITY.KM.ENCRYPTION. to the corresponding ASCII text.
To identify the Opaque object associated with the Key, convert the ASCII text preceded by ORACLE.TDE.HSM.MK. to the corresponding Hexadecimal value.

Consider the Opaque Object, ORACLE.SECURITY.KM.ENCRYPTION.<Hexadecimal value>. So, after converting the Hexadecimal value to the corresponding ASCII text, the respective Key will be ORACLE.TDE.HSM.MK.<ASCII text>.

Example:

For Opaque Object, ORACLE.SECURITY.KM.ENCRYPTION.30363137343541453342444145343446344342464541423433324646313343364243, convert the Hexadecimal value (30363137343541453342444145343446344342464541423433324646313343364243) to ASCII text. So, the respective Key will be ORACLE.TDE.HSM.MK.061745AE3BDAE44F4CBFEAB432FF13C6BC.

Tracking the Opaque Object associated with the AES Key

How to track?

Important Points

On this page

Suggest A Change