7.17.2 Transparent Data Encryption (TDE)
Transparent Data Encryption (TDE) enables you to encrypt sensitive data, such
as Personally Identifiable Information (PII), that you store in tables and tablespaces.
After the data is encrypted, it is transparently decrypted for authorized users
or applications when they access it. To prevent unauthorized decryption, TDE
stores the encryption keys in a security module external to the database, called a
keystore. For more details on TDE, see the Database Advanced Security Guide.

TDE tablespace encryption enables you to encrypt all of the data stored in a
tablespace. To control the encryption, you use a keystore and a TDE master encryption key.
Oracle Database supports both software keystores and hardware (HSM-based) keystores.
A software keystore is a container for the TDE master encryption key, and it resides in
the software file system.
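
The relationship between the software keystore, the TDE master encryption key and an encrypted tablespace, shown as an added SQL example that is not taken from this guide and is not the OFSAA-specific procedure. It assumes a non-CDB Oracle Database 12c or later with the keystore location already configured for the instance; the directory, datafile path, tablespace name and password are hypothetical placeholders.

```sql
-- Added example; paths, names and the password are placeholders (assumptions).
-- The keystore statements need the ADMINISTER KEY MANAGEMENT or SYSKM privilege.

-- 1. Create a password-protected software keystore in the configured
--    keystore directory (hypothetical path).
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ORCL/wallet'
  IDENTIFIED BY "KeystorePasswordPlaceholder";

-- 2. Open the keystore. Until a master key exists, V$ENCRYPTION_WALLET
--    reports the status OPEN_NO_MASTER_KEY.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "KeystorePasswordPlaceholder";

-- 3. Generate and activate the TDE master encryption key. WITH BACKUP
--    makes a copy of the keystore before it is modified.
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "KeystorePasswordPlaceholder" WITH BACKUP;

-- 4. Create a tablespace in which all stored data is encrypted.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- Check 1: the keystore should report STATUS = 'OPEN'. WALLET_TYPE shows
-- whether it is password-protected or auto-login.
SELECT wrl_type, wrl_parameter, status, wallet_type
FROM   v$encryption_wallet;

-- Check 2: confirm the tablespace is encrypted and with which algorithm.
SELECT t.name AS tablespace_name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON e.ts# = t.ts#;

-- Check 3: list permanent tablespaces that are still unencrypted, so that
-- sensitive tables are not left outside TDE protection.
SELECT tablespace_name
FROM   dba_tablespaces
WHERE  encrypted = 'NO'
AND    contents  = 'PERMANENT'
ORDER  BY tablespace_name;
```

The keystore file and its backups hold the only copy of the master key, so they should be backed up and access-controlled separately from the datafiles they protect.
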
To configure TDE for OFSAA, follow these steps: