Hi fred,
As Yogeeraj mentioned, DBMS_OBFUSCATION_TOOLKIT is the way to encrypt non-dictionary data.
We did this once when working for a Police services client, and we had to send the Nominla and Vehicle data to another site where the application team was and I used this package to encrypt the data.
But in the end some body must know the key that is being used to encrypt the data (IF NOT A DBA........ELSE WHO).
Here is more.....
since Oracle 8i release Oracle provides the ability to encrypt data stored in the database at the column level encrypting data that is sensitive to your business.
The package, DBMS_OBFUSCATION_TOOLKIT, is provided in both Standard Edition and Enterprise Edition. It does not require additional licensing. Note that the Advanced Security Option (ASO) that supports Network Encryption does require alicense.
In the Oracle9i three options available to a developer are discussed:
Store the key in the database
Store the key in the operating system
Have the user manage the key
Care must be taken by the application developers to ensure the secure generation and storage of encryption keys used with the package. Furthermore, the encryption and decryption done by the DBMS_OBFUSCATION_TOOLKIT takes place on the server, not the client. If the key is passed over the connection between the client and the server, the connection must be protected using Oracle Advanced Security. Otherwise the key is vulnerable to capture over the wire.
Data can only be encrypted using the DES (Data Encryption Standard) symmetric key algorithm. When using symmetric key algorithms, once the data is encrypted with a given key you cannot decrypt without using the same key.
The secrecy of encrypted data is dependent on the existence of a secret key shared between the communicating parties. Providing and maintaining such secret keys is known as "key management". Key management, including both generation and secure storage of cryptographic keys, is one of the most important aspects of encryption. If keys are poorly chosen or stored improperly, it is far easier for a malefactor to break the encryption. Rather than using an exhaustive key search attack (that is, cycling through all the possible keys in hopes of finding the correct decryption key, also known as 'brute force attack'), cryptanalysts typically seek weaknesses in the choice of keys, or the way in which keys are stored.
Remember that encryption is something that is easily done wrong and very hard to get right. Once you have chosen a secure algorithm, consider that as the first step in achieving security requirements. The next main problem is key management. Imagine, when a corporation wants to protect credit card information from rogue DBAs, it makes no sense to trust the DBAs with the encryption keys. In the real world, key management is the hardest part of cryptography.
Key storage is one of the most important, yet difficult aspects of encryption and one of the hardest to manage properly. To recover data encrypted with a secret key, the key must be accessible to the application or user seeking to decrypt data. The key needs to be easy enough to retrieve that users can access encrypted data when they need to without significant performance degradation. The key also needs to be secure enough so that it is not easily recoverable by an unauthorized user trying to access encrypted data he is not supposed to see.
Indira A
Never give up, Keep Trying
