Public Key Infrastructure in an Oracle Environment
7-8 Oracle Database Advanced Security Administrator's Guide
Wallets
A wallet is a container that is used to store authentication and signing credentials,
including private keys, certificates, and trusted certificates needed by SSL. In an
Oracle environment, every entity that communicates over SSL must have a wallet
containing an X.509 version 3 certificate, private key, and list of trusted certificates
(with the exception of Diffie-Hellman).
Security administrators use Oracle Wallet Manager to manage security credentials
on the server. Wallet owners use it to manage security credentials on clients.
Specifically, you use Oracle Wallet Manager to do the following:
- Generate a public-private key pair and create a certificate request
- Store a user certificate that matches the private key
- Configure trusted certificates
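The three tasks above rest on ordinary X.509 relationships. The following added example is not from the Oracle guide and does not use Oracle Wallet Manager: it reproduces those relationships with the OpenSSL command line in a scratch directory and checks them. The demo CA, the file names and the subject names are constructed for the illustration.

```bash
#!/usr/bin/env bash
# Added illustration, not Oracle code. File and subject names are constructed.
WORK=$(mktemp -d)

# Task 1: generate a public-private key pair and a certificate request.
make_request() {   # $1 = name used for the files and the CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# Stand-in certificate authority; its certificate plays the trusted certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# The CA signs the request; the extension file makes the result X.509 version 3.
issue_cert() {     # $1 = name passed earlier to make_request
  printf 'basicConstraints=CA:FALSE\n' > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/ext.cnf" -out "$WORK/$1.crt" 2>/dev/null
}

# Task 2 check: a user certificate belongs with a private key only if both
# carry the same public key. Empty output (unreadable file) never matches.
cert_matches_key() {   # $1 = certificate, $2 = private key
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Task 3 check: the user certificate must chain to a trusted certificate.
chains_to_trusted() {  # $1 = certificate, $2 = trusted certificate
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# The wallet description above calls for an X.509 version 3 certificate.
is_x509_v3() {         # $1 = certificate
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'Version: 3'
}

make_ca && make_request dbserver && issue_cert dbserver && make_request other
cert_matches_key "$WORK/dbserver.crt" "$WORK/dbserver.key" && echo "certificate matches key"
cert_matches_key "$WORK/dbserver.crt" "$WORK/other.key" || echo "wrong key rejected"
chains_to_trusted "$WORK/dbserver.crt" "$WORK/ca.crt" && echo "chains to trusted certificate"
is_x509_v3 "$WORK/dbserver.crt" && echo "X.509 version 3"
```

The private key generated here is written unencrypted to a temporary directory, which is acceptable only for a throwaway demonstration key.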
Hardware security modules
Oracle Advanced Security uses these devices for the following functions:
- Store cryptographic information, such as private keys
- Perform cryptographic operations to offload RSA operations from the server,
  freeing the CPU to respond to other transactions
Cryptographic information can be stored on two types of hardware devices:
- (Server-side) Hardware boxes where keys are stored in the box, but managed by
  using tokens.
- (Client-side) Smart card readers, which support storing private keys on tokens.
An Oracle environment supports hardware devices using APIs that conform to the
RSA Security, Inc., Public-Key Cryptography Standards (PKCS) #11 specification.

Note: Installation of Oracle Advanced Security 10g Release 1 (10.1) also
installs Oracle Wallet Manager release 10.1.

See Also:
- Chapter 8, "Using Oracle Wallet Manager"
- "Creating a New Wallet" on page 8-10
- "Managing Trusted Certificates" on page 8-25