Table of Contents
Advertisement
Configuring Your System to Use Hardware Security Modules
Configuring Your System to Use Hardware Security Modules
Oracle Advanced Security supports hardware security modules that use APIs
which conform to the RSA Security, Inc., PKCS #11 specification. Typically, these
hardware devices are used to securely store and manage private keys in tokens or
smart cards, or to accelerate cryptographic processing.
This section contains the following topics:
General Guidelines for Using Hardware Security Modules with Oracle Advanced
Security
The following general guidelines apply if you are using a hardware security
module with Oracle Advanced Security:
1.
2.
3.
4.
You can use the wallet containing PKCS #11 information just as you would use any
Oracle wallet, except the private keys are stored on the hardware device and the
cryptographic operations are performed on the device as well.
7-48 Oracle Database Advanced Security Administrator's Guide
General Guidelines for Using Hardware Security Modules with Oracle
Advanced Security
Configuring Your System to Use nCipher Hardware Security Modules
Troubleshooting Using Hardware Security Modules
Contact your hardware device vendor to obtain the necessary hardware,
software, and PKCS #11 libraries.
Install the hardware, software, and libraries where appropriate for the
hardware security module you are using.
Test your hardware security module installation to ensure that it is operating
correctly. Refer to your device documentation for instructions.
Create a wallet of the type PKCS11 by using Oracle Wallet Manager and specify
the absolute path to the PKCS #11 library (including the library name) if you
wish to store the private key in the token. Oracle PKCS11 wallets contain
information that points to the token for private key access.
"Creating a Wallet to Store Hardware Security Module
See Also:
Credentials"
on page 8-11
Advertisement
Chapters
Table of Contents
Troubleshooting
