SCA 6000 for Oracle TDE
By Stefan Hinker-Oracle on Jun 01, 2010
In February, I described, how to configure the softtoken store of the Solaris Cryptographic Framework as a "software-HSM" for Oracle TDE. In the meantime, the SCA 6000 card was certified for use with Oracle TDE. There is also a "Whitepaper" available, describing SCA 6000 setup and configuration for TDE. I was lucky enough to get my hands on one of these cards and test for myself. It works, of course. What makes using the SCA 6000 so attractive is the additional possibilities the card has to offer. You can lock and unlock the keystore to prevent any further wallet and column encryption operations. You can also implement a Two-Person-Rule, using the card's software. This allows to separate access to the master key from "normal" database administration. This is often required in high-security environments.