Sensitive Data Encryption

hi
i encrypt my new key in Put key command using data encryption session key with using TripleDES.
but only the first 8 bytes of the result are expected value for put key data field.
do you know what value shall be assigned to last 8 bytes of my encrypted key for PUT key command?

i solved problem with splitting new key
and TripleDES on first and second 8 bytes.

Similar Messages

  • Need to store sensitive data in a table, need to encrypt or data masking

    Hello,
    I have a table that contains a column of sensitive data. Which is a good method to encrypt this column? How about data masking the column? Other methods? Thank you in advance.

    Will need to share with us who is supposed to see and not supposed to see the data and under what circumstances.
    There are a number of ways to restrict access: via view/roles/privileges, encryption (DBMS_CRYPTO), or TDE if you want to buy the Advanced Security extra-cost option for Enterprise Edition.

  • How safe is to exchange encrypted sensitive data over unsecured network

    Hi All:
    We have developed a signed applet to display sensitive data. The applet communicates with Server over SSL connection. Applet is developed with SUN JDK 1.4.2_06 and uses JSSE to communicate with the Server, which is using openSSL. After we deployed the applet to end customers, we found that there exists a SocketTimeOut issue with JSSE bundled with SUN 14.2_06 JRE. We reported it to SUN and they told us that it is going to be fixed in a new release 1.4.2_11 that is going to come out by this month end.
    In the mean time we are exploring different options. Just wondering whether it is safe to use thirdy party libraries such as one from BouncyCastle, RSA (RSA-BSAFE C/J),etc. to encrypt the sensitive data and exchange the same over unsecured communication channels? We are for sure want to use asymmetric keys for encryption. We are not experts in security related matters. We would like to get some valuable inputs from you.
    Thanks a lot in advance....

    If you use public/private keys you are as safe as your private keys are. You will find this is rather slow. SSL uses the public/private keys to negotiate a one-time session key which is used symmetrically which is much quicker.

  • Is it possible to perform network data encryption between Oracle 11g databases without the advance security option?

    Is it possible to perform network data encryption between Oracle 11g databases without the advance security option?
    We are not licensed for the Oracle Advanced Security Option and I have been tasked to use Oracle Network Data Encryption in order to encryption network traffic between Oracle instances that reside on remote servers. From what I have read and my prior understanding this is not possible without ASO. Can someone confirm or disprove my research, thanks.

    Hi, Srini Chavali-Oracle
    As for http://www.oracle.com/technetwork/database/options/advanced-security/advanced-security-ds-12c-1898873.pdf?ssSourceSiteId… ASO is mentioned as TDE and Redacting Sensitive Data to Display. Network encryption is excluded.
    As for Network Encryption - Oracle FAQ (of course this is not Oracle official) "Since June 2013, Net Encryption is now licensed with Oracle Enterprise Edition and doesn't require Oracle Advanced Security Option." Could you clarify this? Thanks.

  • InfoCube Data Encryption

    Hi All,
    I am using HR Employee Specific Payroll Data 0PY_C02 for reporting on payroll data.
    The sensitivity of the data in this cube is tremendous. 
    First Question: Can data in an InfoCube be encrypted?
    Second Question: Method and Steps involved in implementing Data encryption?
    <removed_by_moderator>
    Regards,
    Ashutosh

    hello,
    not sure if this is achievable.
    but you can look at this thread which talks of masking data in BI.
    Archiving Encrypted Credit Card Data
    Regards,
    Dhanya.

  • SQL Server Transparent Data encryption

    I have implemented TDE for the Database and Column Level Encryption for Sensitive data in Tables. But, the Porblem is the data is entered through an front end application how could i encrypt this data when it is inserted from the Front end. And how to decry-pt
    this data for the users when it is selected.
    Your suggestions are most valuable.
    Reagrds
    Rehaan Khan
    RehaanKhan. M

    Let me start with a solution that may have been overlooked, but it is good to make sure we cover it. Have you considered using column-level permissions? It may not be a complete solution for your particular scenario if you need to give access to the column
    for other reasons (after all, the group you are trying to restrict is probably developing applications on top of the column storing sensitive data) or if the developer group has permission to create objects that would render the sensitive data subject to ownership
    chains. For more information on column-permissions look at
    http://msdn.microsoft.com/en-us/library/ms186915.aspx
    Assuming permissions alone will not solve the problem. By using encryption you should be able to limit access to the sensitive data to the developers, but it will also require some changes to your schema & application. TDE (Transparent Data Encryption)
    will not help you in this scenario since you need to restrict access to the data and restricting access to the column is not sufficient.
    The following links may be useful to get you started with SQL Encryption capabilities:
    SQL Server Encryption (http://msdn.microsoft.com/en-us/library/bb510663.aspx)
    Data Encryption in SQL Server (http://msdn.microsoft.com/en-us/library/bb669072(v=vs.110).aspx)
    Encrypt a Column of data (http://msdn.microsoft.com/en-us/library/ms179331.aspx)
    Cryptographic Functions (T-SQL) (http://msdn.microsoft.com/en-us/library/ms173744.aspx)
    Older articles, but they may still be quite useful:
    Indexing encrypted Data (http://blogs.msdn.com/b/raulga/archive/2006/03/11/549754.aspx)
    SQL Server 2005: searching encrypted data (http://blogs.msdn.com/b/lcris/archive/2005/12/22/506931.aspx)
    One recommendation may be to encrypt the data using an AES key, and protect the key using one or more certificates (I would recommend using a separate certificate per individual if possible), making sure that only authorized people have access to the keys.
    Anyone else with access to the column, but not to the keys would not be able to decrypt the data.
    BTW. I would also recommend using SQL Auditing (http://msdn.microsoft.com/en-us/library/cc280386.aspx) in order to keep honest people honest, by monitoring access to the keys & to the
    sensitive data.
    I hope this information helps,
    -Raul Garcia
    SQL Server Security
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Data Encryption Oracle

    Hi,
    I would like to know the best practice which we can adopt for data encryption .
    We have an Oracle Database Table with a sensitive data in one field.We would like to encrypt the data in this field and store it. When the application retrieves this,it shows the data only for privileged users.Can you suggest the best encryption method which can be used for this
    Thanks,
    SSN

    A new feature in Oracle Database 10g Release 2 lets you do just that..
    To encrypt columns using Transparent Data Encryption(TDE), all you need to do is add a simple clause—ENCRYPT—to the column definition. Before you do that, however, you must decide which type of encryption and key length to use.
    On a regular schema, suppose you have a table of account holders as follows
    ACC_NO NUMBER
    ACC_NAME VARCHAR2(30)
    SSN VARCHAR2(9)
    Currently, the table has all data in clear text. You want to convert the column SSN, which holds the Social Security Number, to be stored as encrypted. You can issue
    alter table accounts modify (ssn encrypt);
    This statement does two things:
    1.It creates an encryption key for the table. If you change another column in the same table to use the encrypted format, the same table key will be used.
    2.It converts all values in the column to encrypted format.
    This statement doesn't change the data type or the size of the column, nor does it create a trigger or a view.
    By default, the algorithm AES with 192-bit key is used to encrypt. You can also choose a different algorithm by specifying the appropriate additional clause in the command. For instance, to use 128-bit AES encryption, you can use
    alter table accounts modify (ssn encrypt using 'AES128');
    You can use AES128, AES192, AES256, or 3DES168 (168-bit Triple DES algorithm) as clauses. The values are self-explanatory; for instance, AES256 is for Advanced Encryption Standard algorithm with 256-bit key.
    After encrypting the column, you'll see the following when you describe the table:
    SQL> desc accounts
    Name     Null?     Type
    ACC_NO          NUMBER
    ACC_NAME          VARCHAR2(30)
    SSN          VARCHAR2(9) ENCRYPT

  • Posting sensitive data via href's

    Hey all
    Is it possible to send sensitive data which you don't want the user to see
    via a hyperlink to a servlet? As far as I know hyperlinks can only call the doGet method so the passed parameters are viewable to the user. Are there any best practices when wanting to communicate safely between JSP's and servlets using hyperlinks?
    Thanks!

    Get the query string and encrypt it using something like this:
    public static String encrypt(String msg){
    String passPhrase = "passphrase";
    try {
    KeySpec keySpec = new DESKeySpec(passPhrase.getBytes());
    SecretKey key = SecretKeyFactory.getInstance("DES").generateSecret(keySpec);
    Cipher ecipher = Cipher.getInstance(key.getAlgorithm());
    ecipher.init(Cipher.ENCRYPT_MODE, key);
    //Encode the string into bytes using utf-8
    byte[] utf8 = msg.getBytes("UTF8");
    //Encrypt
    byte[] enc = ecipher.doFinal(utf8);
    //Encode bytes to base64 to get a string
    return new sun.misc.BASE64Encoder().encode(enc);
    } catch (InvalidKeyException e) {
    e.printStackTrace();
    } catch (InvalidKeySpecException e) {
    e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
    } catch (NoSuchPaddingException e) {
    e.printStackTrace();
    } catch (IllegalStateException e) {
    e.printStackTrace();
    } catch (IllegalBlockSizeException e) {
    e.printStackTrace();
    } catch (BadPaddingException e) {
    e.printStackTrace();
    } catch (UnsupportedEncodingException e) {
    e.printStackTrace();
    return null;
    }and attach back the encrypted query string as:
    http:\\mycompany.com?data=<the_encrypted_query_string_returned_by_above_method>
    Now, when you want to retrieve the contents of the query string, send the contents of the "data" to the method below:
    public static String decrypt(String msg){
    String passPhrase = "passphrase";
    KeySpec keySpec;
    try {
    keySpec = new DESKeySpec(passPhrase.getBytes());
    SecretKey key = SecretKeyFactory.getInstance("DES").generateSecret(keySpec);
    Cipher decipher = Cipher.getInstance(key.getAlgorithm());
    decipher.init(Cipher.DECRYPT_MODE, key);
    // Decode base64 to get bytes
    byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(msg);
    //Decrypt
    byte[] utf8 = decipher.doFinal(dec);
    //Decode using utf-8
    return new String(utf8, "UTF8");
    } catch (InvalidKeyException e) {
    e.printStackTrace();
    } catch (InvalidKeySpecException e) {
    e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
    } catch (NoSuchPaddingException e) {
    e.printStackTrace();
    } catch (IOException e) {
    e.printStackTrace();
    } catch (IllegalStateException e) {
    e.printStackTrace();
    } catch (IllegalBlockSizeException e) {
    e.printStackTrace();
    } catch (BadPaddingException e) {
    e.printStackTrace();
    return null;You will now get the original query string, you should parse it to get the individual parameters, since you must already know the parameter names, the parsing part should be easy.

  • Encrypted disk image on a network, is the data encrypted during reading/writing?

    I'd like to use an encrypted image for storage of sensitive data on an openly accessible network storage. Does anyone know if the data that is written/read from the image (once it is mounted) is transferred over the network in an encrypted or decrypted form?
    It's seems important, since if the network connection is not encrypted then the data might be accessible to others.

    Efren,
    When you mount an encrypted disk image, the machine you are using (and on which the image is being mounted) is handling all encryption/decryption. So yes, the data that is transmitted across the network is already encrypted.
    Scott

  • Restrict sensitive data leakage from Printing, "Save as", Copying and Priting screen?

    Our CEO highly suspected some of our staff who have sold the confidential drawings to competitors but we do not have enough proof. How can we restrict sensitive data leakage from Printing, "Save as", Copying and Priting screen?
    Thank you for your advice in advance.

    calmman8 wrote:
    How can we restrict sensitive data leakage from Printing, "Save as", Copying and Priting screen?
    That all depends on how much hassel you'll willing to go through. You can save an image from Photoshop as a PDF...then inside of Acrobat (can't do it in Photoshop) you have two levels os security. You can require password to even open a PDF and the 2nd level is to require a second password to be able to print, edit or change (once opened there's nothing you can do about screen captures).
    So, you could then control the number of people that had the various password access to open or edit. But...keeping track of those passwords and making sure the people that need them have them can be an issue.
    Note that a secured password protected PDF can have text, images, movies and audio–pretty much anything you might need. Also note there are some issues regarding the password encryption...I don't recall what level of encryption is capable of being exported to forgien countries...you should look into that if disctribution would be outside of the US.

  • Safe to transmit sensitive data over 3G?

    The title pretty much sums up my question. Is is safe to transmit sensitive data, such as entering passwords to websites, while over the 3G network?
    I've read the articles about the 3G encryption being cracked but that was back in January and I haven't been able to find any updates.
    For now I'm playing it safe and I never enter any passwords, not even my iTunes password, unless I'm at home on my own Wi-Fi network, but that completely defeats the purpose of having a smartphone in the first place.

    Red Rooster wrote:
    Yes thank you, I do realize that. What I mean to ask is the security of the data being transmitted before it gets to the website. How secure is my data as it travels from my phone, across the 3G network, before it gets to the website? Can someone out there intercept it as it travels across AT&T's network?
    Yes, it's safe providing the site is encrypted. That's the point of encryption.

  • Testing network data encryption

    Hi,
    My sqlnet.ora file contains also:
    TRACE_LEVEL_CLIENT = SUPPORT
    TRACE_DIRECTORY_CLIENT = c:\temp
    TRACE_FILE_CLIENT = sqlnet_encryption.trc
    SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256, AES192)
    SQLNET.ENCRYPTION_TYPES_SERVER= (3DES168)
    DIAG_ADR_ENABLED = OFFI want to test the network encryption. I have issued a select within hr schema (select * from employees), but when i access that .trc file, i can see it contains:
    [18-DEC-2012 20:51:04:002] naeecom: entry
    [18-DEC-2012 20:51:04:002] naeecom: Encryption inactive[18-DEC-2012 20:51:04:002] naeecom: exit
    [18-DEC-2012 20:51:04:002] naeccom: entry
    [18-DEC-2012 20:51:04:002] naeccom: Crypto-Checksumming inactive[18-DEC-2012 20:51:04:002] naeccom: exit
    [18-DEC-2012 20:51:04:002] na_tns: entry
    [18-DEC-2012 20:51:04:002] na_tns: Secure Network Services is available.
    [18-DEC-2012 20:51:04:002] nau_adi: entry
    [18-DEC-2012 20:51:04:002] nau_adi: exit
    [18-DEC-2012 20:51:04:002] na_tns:      authentication is active, using NTS
    [18-DEC-2012 20:51:04:002] na_tns:      encryption is not active
    [18-DEC-2012 20:51:04:002] na_tns:      crypto-checksumming is not active
    ...I want to know why it says encryption is not active, if i used Net Manager to specify encryption algorithms for both server and client.
    I have also restarted the database (shutdown / startup), with no effect (same 'encryption inactive').
    Thanks

    Hi, Srini Chavali-Oracle
    As for http://www.oracle.com/technetwork/database/options/advanced-security/advanced-security-ds-12c-1898873.pdf?ssSourceSiteId… ASO is mentioned as TDE and Redacting Sensitive Data to Display. Network encryption is excluded.
    As for Network Encryption - Oracle FAQ (of course this is not Oracle official) "Since June 2013, Net Encryption is now licensed with Oracle Enterprise Edition and doesn't require Oracle Advanced Security Option." Could you clarify this? Thanks.

  • Listener Start Problem with TDE (Transparent Data Encryption)

    i am testing Transparent Data Encryption in Oracle 10g by using the following link
    http://oracle-base.com/articles/10g/TransparentDataEncryption_10gR2.php
    Before Implementing the TDE listener was running fine but after implementation of TDE the listener was unable to start
    Please check the steps which i follow
    Step1-
    specify the ENCRYPTION_WALLET_LOCATION parameter in the sqlnet.ora file, now SQLNET.ora file looks like the following
    SQLNET.AUTHENTICATION_SERVICES= (NTS)
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    ENCRYPTION_WALLET_LOCATION=
    (SOURCE=(METHOD=FILE)(METHOD_DATA=
    (DIRECTORY=D:\oracle\product\10.2.0\wallet\)))
    please check the contents of listener.ora file,i didn't make any configuration changes for listener before or after implementation of TDE
    SID_LIST_LISTENER =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = PLSExtProc)
    (ORACLE_HOME = D:\oracle\product\10.2.0\db_1)
    (PROGRAM = extproc)
    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = shakeel-pc.lhr.inov8.com.pk)(PORT = 1521))
    Step2-
    CONN sys/password AS SYSDBA
    ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "myPassword";
    TDE implemented successfuly implemented.
    But when i try to stop/start listener
    C:\>lsnrctl status
    LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44
    :30
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
    STATUS of the LISTENER
    Alias LISTENER
    Version TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Produ
    ction
    Start Date 05-JUN-2008 22:40:14
    Uptime 0 days 7 hr. 4 min. 16 sec
    Trace Level off
    Security ON: Local OS Authentication
    SNMP OFF
    Listener Parameter File D:\oracle\product\10.2.0\db_1\network\admin\listener.o
    ra
    Listener Log File D:\oracle\product\10.2.0\db_1\network\log\listener.log
    Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1ipc)))
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=shakeel-pc.lhr.inov8.com.pk)(PORT=15
    21)))
    Services Summary...
    Service "PLSExtProc" has 1 instance(s).
    Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Service "orcl" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    Service "orclXDB" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    Service "orcl_XPT" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    The command completed successfully
    C:\>lsnrctl stop
    LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44
    :35
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
    The command completed successfully
    C:\>lsnrctl start
    [i]LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44
    :40
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Starting tnslsnr: please wait...
    TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
    System parameter file is D:\oracle\product\10.2.0\db_1\network\admin\listener.or
    a
    Log messages written to D:\oracle\product\10.2.0\db_1\network\log\listener.log
    Error listening on: (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PARTIAL=yes)(QUEUESI
    ZE=1))
    No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\E
    XTPROC1ipc)))
    TNS-12560: TNS:protocol adapter error
    TNS-00583: Valid node checking: unable to parse configuration parameters
    Listener failed to start. See the error message(s) above...
    To start the listener i have to close wallet as
    1- SQL>conn sys as sysdba
    ALTER SYSTEM SET WALLET CLOSE;
    2- Replace the SQLNET.ora file as previous ,now SQLNET.ora contains
    SQLNET.AUTHENTICATION_SERVICES= (NTS)
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    Now if i start the listener then the listener was started succesfuly
    Please suggest why listener is not being start with TDE?

    I have the same problem. I'm testing TDE using Oracle 11gR1. After setting the parameter encryption_wallet_location and restart the listener, the listener failed to start. The error is exactly the same
    TNS-12560: TNS:protocol adapter error
    TNS-00583: Valid node checking: unable to parse configuration parameters
    By removing the parameter encryption_wallet_location, the listner can be started successfully.
    Anyone can help?

  • Need suggestion for data encryption

    Hello Experts,
    I need your expert opinion on one of the data encryption method. We have some legal compliance to implement data encryption as listed below, lets say we have to apply encryption on 2 tables (1) TAB_A (2) TAB_B.
    (1) Need data encryption on the TAB_A & TAB_B for 2-3 columns and not the entire table.
    (2) Data should not be in readable format, if anyone connect to database and query the table.
    (3) We have reporting services on our tables but reporting services doesn't connect to our schema directly rather they connect to a different schema to which we have given the table Select grant.
    (4) Reports should work as it is, and users should see the data in readable format only.
    (5) There are batch processes which generates the data into these tables and we are not allowed to make any changes to these batch processes.
    This is a business need which has to be delivered. I explored various options such as VPDs, Data encryption methods etc but honestly none of these are serving our business need. There is also a limitation of encrypting data as data volume of quiet high (30TB DB) and generally users query the data on millions of records at a time. Also reports have very tight SLAs as well. If we create any encryption wrapper then decrypt will take longer in reports and will cause the SLA miss for reports.
    Could someone please suggest any better solution to me or if something is inbuilt in Oracle? We are using Oracle 11g.
    Regds,
    Amit.

    you can read about Transparent Data Encryption
    Check
    http://docs.oracle.com/cd/B28359_01/network.111/b28530/asotrans.htm

  • How to handle sensitive data in BI?

    Hi there,
    we are about to load data from HR into BI. The authorities according to the queries and InfoProviders are lowered to a minimum so that only a group of people has access to those sensitive data.
    But what about the generated tables in which the data of the InfoProviders are stored? Some people are granted to use SE16 (e.g. the basis team). How is it possible to protect the data from being reviewed without changing the authorities of the basis team.
    Thanks in advance
    Dennis

    Hi Dennis,
    Q.How is it possible to protect the data from being reviewed without changing the authorities of the basis team.
    If you do not want to change the authorities provided to the basis team then you will have to opt for the data in the table to be scrambled so that on displaying the information is not meaningful.
    Not aware, if there could be other options.
    Thanks,
    Saby..

Maybe you are looking for

  • How do I create podcast links that open automatically in iTunes?

    I want to create different podcasts and distribute them via emails to my friends. I want to make it as simple as possible, so that my friends can click on the link to my feed, and have iTunes open automatically, and subscribe to my podcast without ta

  • Hotmail httpmail plug in with intel macs and 10.4.8

    Hi! After a search on this forum and at macosxhints.com, I found this plug in for mail to work with a (very old) Hotmail account. Does anyone know if it is still working before I install it? There seemed to be some doubt about it. http://sourceforge.

  • XSL namespace

    Hi, I want to add xmlns:xsi="http://www.sap.com" to a root element in XSL mapping.we can add the namepsacee directly in the element tag but i want to pass the xmlns:xsi and the URL in the xsl code for exmaple <root xmlns:xsi="http://www.sap.com"> <se

  • How to view Inbox of R/3.

    hi   Is it possible to view the inbox of R/3 in webdynpro and is thr any other way to get connected to R/3 rather than RFC's. regards arun

  • Can people share epub books via dropbox and use iBooks to read them?

    my sister put an epub copy of a book I'd like to read in my dropbox folder, but when i load it on itunes on my mac, then sync my ipad, I get an error message ( invalid file format) message. Is this a DRM issue? To me, it's the same as her buying a ha