User's Manual

How To Configure Data Encryption and Integrity
3-6 Oracle Database Advanced Security Administrator's Guide
About Activating Encryption and Integrity
In any network connection, the client and the server can each support more
than one encryption algorithm and more than one integrity algorithm. When a
connection is made, the server selects which algorithm to use, if any, from
those algorithms specified in the sqlnet.ora files.
The server searches for a match between the algorithms available on both the client
and the server, and picks the first algorithm in its own list that also appears in the
client list. If one side of the connection does not specify an algorithm list, all the
algorithms installed on that side are acceptable. The connection fails with error
message ORA-12650 if either side specifies an algorithm that is not installed.
Encryption and integrity parameters are defined by modifying a sqlnet.ora file on
the clients and the servers on the network.
You can choose to configure any or all of the available Oracle Advanced Security
encryption algorithms (Table 3–2), and either or both of the available integrity
algorithms (Table 3–3). Only one encryption algorithm and one integrity algorithm
are used for each connect session.
About Negotiating Encryption and Integrity
To negotiate whether to turn on encryption or integrity, you can specify four
possible values for the Oracle Advanced Security encryption and integrity
configuration parameters. The four values are listed in the order of increasing
security. The value REJECTED provides the minimum amount of security between
client and server communications, and the value REQUIRED provides the maximum
amount of network security:
REJECTED
ACCEPTED
Note: Oracle Advanced Security selects the first encryption
algorithm and the first integrity algorithm enabled on the client and
the server. Oracle Corporation recommends that you select
algorithms and key lengths in the order in which you prefer
negotiation, choosing the strongest key length first.
See Also: Appendix A, "Data Encryption and Integrity
Parameters"
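
The selection rule under "About Activating Encryption and Integrity" and the ordering advice in the Note, modelled as an added Python example (not Oracle code and not part of the guide). The function names and NegotiationError are hypothetical, the algorithm names are constructed sample values, and the preference order used when a side has no list is an assumption.

```python
# Added illustration: models the selection rule in the text. Not Oracle code.
# All function and class names here are hypothetical.

class NegotiationError(Exception):
    """Stands in for the ORA-12650 connection failure described in the text."""


def effective_list(configured, installed):
    """Return the algorithms one side will accept, in preference order."""
    if configured is None:
        # No list in sqlnet.ora: every installed algorithm is acceptable.
        # Assumption: installed order is used as the preference order.
        return list(installed)
    missing = [alg for alg in configured if alg not in installed]
    if missing:
        # A listed algorithm that is not installed fails the connection.
        raise NegotiationError("ORA-12650: not installed: " + ", ".join(missing))
    return list(configured)


def select_algorithm(server_cfg, server_installed, client_cfg, client_installed):
    """Pick the first entry in the server's list that the client also lists."""
    server = effective_list(server_cfg, server_installed)
    client = effective_list(client_cfg, client_installed)
    for alg in server:  # only the server's order matters
        if alg in client:
            return alg
    return None  # no overlap; this passage does not describe that outcome


# Constructed sample data: algorithm names stand in for the entries of Table 3-2.
INSTALLED = ["AES256", "3DES168", "DES"]


def demo():
    """Show how server-side ordering decides the result."""
    return {
        # Server lists the weak algorithm first, so it wins despite client order.
        "weak_first": select_algorithm(["DES", "AES256"], INSTALLED,
                                       ["AES256", "DES"], INSTALLED),
        # Strongest first on the server, as the Note recommends.
        "strong_first": select_algorithm(["AES256", "DES"], INSTALLED,
                                         ["DES", "AES256"], INSTALLED),
        # Client has no list: everything it has installed is acceptable.
        "client_unset": select_algorithm(["3DES168", "DES"], INSTALLED,
                                         None, INSTALLED),
    }


if __name__ == "__main__":
    for case, chosen in demo().items():
        print(case, "->", chosen)
```

The "weak_first" case is the one to check for when reviewing a server's sqlnet.ora: a client that prefers a stronger algorithm cannot override the server's ordering.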