|
Two methods of database encoding are supported: simple obfuscation and strong encryption .
Simple obfuscation is intended to make it difficult, but not impossible, for someone using a disk utility to casually inspect the contents of your database. Simple obfuscation does not require a key (password) to encode the database.
Strong encryption makes a database unusable without a key (password). The data in the database is secure from inspection. An algorithm encrypts the information contained in your database and transaction log files so it cannot be read.
The algorithm used to implement strong encryption is AES: a block encryption algorithm chosen as the new Advanced Encryption Standard (AES) for block ciphers by the National Institute of Standards and Technology (NIST).
You can indicate the use of a 128-bit encryption algorithm using the AES keyword. You can indicate the use of a 256-bit encryption algorithm using the AES256 keyword. This encryption technology is included and does not require a separate license.
You can also indicate the use of a separately licensed FIPS-certified AES module for strong encryption by specifying one of the AES_FIPS (128-bit algorithm) or AES256_FIPS (256-bit algorithm) keywords. When the database server is started with the -fips option, you can start databases encrypted with any of the AES, AES256, AES_FIPS, or AES256_FIPS strong encryption algorithms, but not databases encrypted with simple obfuscation. Unencrypted databases can also be started on the server when -fips is specified.
To start a database encrypted with AES_FIPS or AES256_FIPS, the separately licensed FIPS-certified AES module must be installed on the computer.
All strong encryption technologies are subject to export regulations.