data encryption [message #538952]
Tue, 10 January 2012 08:51
caprikar
Messages: 226 Registered: March 2007
Senior Member
Hi,
I have Oracle 11gR2 running on Unix and I need to encrypt some columns in a table which has about 100 million records. What is the best way to encrypt the data, and approximately how long will it take to encrypt the existing data?
Thanks
Re: data encryption [message #538958 is a reply to message #538952]
Tue, 10 January 2012 09:09
John Watson
Messages: 8964 Registered: January 2010 Location: Global Village
Senior Member
Would this be for conformance with the PCI rules? If so, you have to do it.
I believe that this is a case where you should spend money to save money. Using Enterprise Edition and the Advanced Encryption option, you as DBA can set up the encryption declaratively. If you have Standard Edition, you have to do it programmatically with DBMS_CRYPTO. There are techniques for making that sort-of transparent, but it isn't fun.
But if you don't have to do this, then don't.
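The two routes contrasted in the reply above (declarative column encryption versus DBMS_CRYPTO), shown side by side as an added example that is not from any poster in this thread. The table, column, function names and the wallet password are hypothetical, and a wallet location is assumed to be configured already.

```sql
-- Added example; CUSTOMERS, CARD_NUMBER, ENCRYPT_PAN and DECRYPT_PAN are hypothetical names.

-- Option 1: Enterprise Edition with the encryption option (TDE column encryption).
-- Assumes ENCRYPTION_WALLET_LOCATION is already set in sqlnet.ora.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- Encrypts the existing rows in place; application SQL does not change.
-- Add NO SALT if the column is indexed.
ALTER TABLE customers MODIFY (card_number ENCRYPT USING 'AES256');

-- Option 2: Standard Edition, programmatic encryption with DBMS_CRYPTO.
-- The caller supplies a 32-byte AES-256 key; ciphertext is stored in a RAW column.
CREATE OR REPLACE FUNCTION encrypt_pan (p_plain IN VARCHAR2, p_key IN RAW)
  RETURN RAW
IS
  c_mode CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                               + DBMS_CRYPTO.CHAIN_CBC
                               + DBMS_CRYPTO.PAD_PKCS5;
  l_iv   RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);  -- fresh IV for every value
BEGIN
  -- Prefix the IV to the ciphertext so decrypt_pan can recover it.
  RETURN UTL_RAW.CONCAT(l_iv,
           DBMS_CRYPTO.ENCRYPT(src => UTL_I18N.STRING_TO_RAW(p_plain, 'AL32UTF8'),
                               typ => c_mode, key => p_key, iv => l_iv));
END encrypt_pan;
/

CREATE OR REPLACE FUNCTION decrypt_pan (p_cipher IN RAW, p_key IN RAW)
  RETURN VARCHAR2
IS
  c_mode CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                               + DBMS_CRYPTO.CHAIN_CBC
                               + DBMS_CRYPTO.PAD_PKCS5;
BEGIN
  -- Bytes 1..16 are the IV, the remainder is the ciphertext.
  RETURN UTL_I18N.RAW_TO_CHAR(
           DBMS_CRYPTO.DECRYPT(src => UTL_RAW.SUBSTR(p_cipher, 17),
                               typ => c_mode, key => p_key,
                               iv  => UTL_RAW.SUBSTR(p_cipher, 1, 16)),
           'AL32UTF8');
END decrypt_pan;
/

-- Round trip with a constructed test value and a throwaway key.
DECLARE
  l_key RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);
BEGIN
  DBMS_OUTPUT.PUT_LINE(decrypt_pan(encrypt_pan('4111111111111111', l_key), l_key));
END;
/
```

In the second option the key has to be stored and protected somewhere outside the encrypted table, which the example leaves to the caller.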
Re: data encryption [message #538965 is a reply to message #538958]
Tue, 10 January 2012 09:28
caprikar
Messages: 226 Registered: March 2007
Senior Member
Hi,
I have to do this to make it PCI compliant and to protect sensitive data from all users. There should be a mechanism by which users can decrypt the data whenever they want, but it has to be stored in the encrypted format.
Re: data encryption [message #538967 is a reply to message #538965]
Tue, 10 January 2012 09:40
John Watson
Messages: 8964 Registered: January 2010 Location: Global Village
Senior Member
The Advanced Encryption Option might have been made for retro-fitting PCI compliance to existing applications; we've worked on this for clients before. It's pretty quick to do. If you need consulting help, send me a PM.
Re: data encryption [message #538974 is a reply to message #538965]
Tue, 10 January 2012 10:46
Michel Cadot
Messages: 68732 Registered: March 2007 Location: Saint-Maur, France, https...
Senior Member Account Moderator
caprikar wrote on Tue, 10 January 2012 16:28:
Hi,
I have to do this to make it PCI compliant and to protect sensitive data from all users. There should be a mechanism by which users can decrypt the data whenever they want, but it has to be stored in the encrypted format.

To protect from ALL users (inside the database) there are only 2 ways:
- Encrypt in the application
- Use Database Vault
If you want to protect from ALL users outside the database (theft of data files), you also have, in the second option, to use Oracle native encryption as John mentioned.
Of course, you also have to encrypt network (using Oracle native network encryption or SSL).
Regards
Michel
Re: data encryption [message #538979 is a reply to message #538974]
Tue, 10 January 2012 10:53
John Watson
Messages: 8964 Registered: January 2010 Location: Global Village
Senior Member
Quote:
Of course, you also have to encrypt network (using Oracle native network encryption or SSL).

This is where PCI is precise: the rule is that data must be encrypted while "at rest", i.e., it does NOT need to be encrypted on the network or in memory, only on disc. Data Vault is not needed for PCI, because the rules are not about access at that level.
The PCI rules are strange things.
Re: data encryption [message #547159 is a reply to message #539127]
Tue, 13 March 2012 02:30
paddysmith
Messages: 2 Registered: March 2012 Location: USA
Junior Member
Encryption methods can be SYMMETRIC in which encryption and decryption keys are the same, or ASYMMETRIC (aka 'Public Key') in which encryption and decryption keys differ. 'Public Key' methods must be asymmetric, to the extent that the decryption key CANNOT be easily derived from the encryption key. Symmetric keys, however, usually encrypt more efficiently, so they lend themselves to encrypting large amounts of data.
[Updated on: Tue, 13 March 2012 02:46] by Moderator