Your suggested change has been received. Thank you.


Suggest A Change….



Oracle Transparent Data Encryption (TDE)


Oracle Transparent Data Encryption (TDE)

This document contains the necessary information to configure and integrate Oracle Transparent Data Encryption (TDE) with CipherTrust Mananger.

The table and tablespace keys are encrypted using the master key. The master key is stored in an External Security Module (ESM) that can be one of the following:

  • Oracle Wallet: a secure container outside the database. It is encrypted with a password.

  • CipherTrust Mananger: provides a secure location for storing the TDE master encryption key. Oracle interfaces to this platform using SafeNet ProtectApp PKCS#11 library.

Following diagram shows the integration:

Supported Product Versions

Operating Systems

  • Windows Server 2012, 64-bit

  • Windows Server 2012 R2, 64-bit

  • Windows Server 2016, 64-bit

  • RHEL 5 64-bit, RHEL 6 64-bit, RHEL 7 64-bit

  • AIX 6.1 PowerPC 64-bit, AIX 7.1 PowerPC 64-bit, AIX 7.2 64-bit

  • Solaris 10 SPARC 64-bit, Solaris 11.2 64-bit, Solaris 11.3 64-bit

  • openSUSE 11.2, openSUSE 11.4

  • SLES-12

Oracle Database

  • Oracle Database 12C

  • Oracle Database 19C

CipherTrust Manager

  • CipherTrust Manager 2.0 or higher

SafeNet ProtectApp PKCS#11 library

  • SafeNet ProtectApp PKCS#11 library 8.9.0 or higher


This section lists the prerequisites to perform the integration.

  • Ensure that CipherTrust Manager is installed and configured. For more details, refer to the CipherTrust Manager documentation.

  • Oracle Database is installed on the target machine. For more details, refer to the Oracle documentation.

  • CipherTrust Manager‌ must be installed and NAE-XML interface must be configured. Refer to the CipherTrust Manager Documentation.

  • Ensure that the connector license is activated on the CiperTrust Manager. For more details, refer to the CipherTrust Manager Documentation.

  • Ensure that the port configured on NAE-XML interface is accessible from Oracle TDE machine.

Integrating Oracle TDE with CipherTrust Manager

To integrate Oracle TDE with CipherTrust Manager, you need to perform the following steps:

After performing the above steps, you can: