Yeah... I see now... and the only options are No Encryption or TLS. Maybe the RFE should be to include Shared Secret Key as one of the options. At least that request won't request anything completely new in DataPower.
Original Message:
Sent: Fri March 22, 2024 12:20 PM
From: Tyler Nelson
Subject: Oracle Native Network Encryption Support vs TLS
Well, when the Native Encryption was enabled on Oracle, the SQL Data Source objects went down. We made some attempts at modifying the Advanced Parameters as follows:
setDataIntegrityLevel = 1
setDataIntegrityTypes = SHA512
setEncryptionLevel = 1
setEncryptionTypes = AES256
That resulted in the following types of errors:
0x8180008e
sql-source (SQLDataSource_DSN):Cannot establish database connection: ORA-12660: Encryption or crypto-checksumming parameters incompatible
We opened a case and the support team says this is not supported with DataPower. Just trying to understand the reasoning behind it (are there security gaps?) and figure out options.
------------------------------
Tyler Nelson
Erie Insurance
Original Message:
Sent: Fri March 22, 2024 10:39 AM
From: Joseph Morgan
Subject: Oracle Native Network Encryption Support vs TLS
Yes, though this can be requested through an RFE, I'd also add: well, good luck.
But I am a bit confused. Though I'm no expert on Oracle Native Encryption, according to my quick reading, using Oracle Native Encryption requires no changes on the client side. Since, in this case, I suppose DataPower is the client, what happens when you point DataPower at an Oracle server using Native Encryption?
EDIT: OK, I should have done more reading, and I'm sure I still haven't done enough. According to the Oracle docs:
The purpose of a secure cryptosystem is to convert plaintext data into unintelligible ciphertext based on a key, in such a way that it is very hard (computationally infeasible) to convert ciphertext back into its corresponding plaintext without knowledge of the correct key.
In a symmetric cryptosystem, the same key is used both for encryption and decryption of the same data. Oracle Database provides the Advanced Encryption Standard (AES) symmetric cryptosystem for protecting the confidentiality of Oracle Net Services traffic.
Sounds, to me, like it is using a symmetric (shared secret) key. That is possible in DataPower.
------------------------------
Joseph Morgan
Original Message:
Sent: Fri March 22, 2024 10:24 AM
From: Tyler Nelson
Subject: Oracle Native Network Encryption Support vs TLS
Does anyone have any insight into why DataPower does not support Oracle Native Network Encryption? Are there any reasons why only TLS can be used for secure connections to Oracle databases? Is this functionality that could be requested through an RFE?
------------------------------
Tyler Nelson
Erie Insurance