Security Guide : 6. Using Data at Rest Encryption
 
Using Data at Rest Encryption
 
What Is Data at Rest Encryption?
How Encryption Works
The Power of Encryption
Transparent vs. Function-based Encryption
Function-based Encryption (Application-level Encryption)
Encryption Information Displayed with HELP TABLE
How to Compute the Width of Encrypted Data
Data at Rest Encryption Restrictions
Implications of Data Encryption for Database Design and Operations
Understanding SALT
Encryption and Copydb/Unloaddb Considerations
Optimizedb Considerations for Data at Rest Encryption
Log Records and Passphrases
Encryption and Partitioned Tables
What Is Data at Rest Encryption?
Data "at rest" refers to data on physical media recorded in a persistent form in Vector database table, transaction log, journal, and checkpoint files.
Data at rest encryption allows specific database table columns to be encrypted. Data in the protected columns is stored on disk or other media in encrypted form and can only be accessed if the encryption passphrase is known.
Encrypted columns are stored in the database files using 128-, 192-, or 256-bit Advanced Encryption Standard (AES) encryption. A single AES key protects any data in a table that contains encrypted columns. The encryption is transparent to the applications accessing the data.
Data at rest encryption does not protect data outside of the database, which includes:
Data passed back and forth to applications
Transactions that implement data replication at a logical (vs. binary, journal application) level
Files created using copydb
Note: If the security of data transmitted over a network is important, you can implement protection using other mechanisms such as AES or KERBEROS. Flat files containing sensitive information that is encrypted in the database should be stored in encrypted files or on encrypted media.