DataPower

  • 1.  Oracle Native Network Encryption Support vs TLS

    Posted Fri March 22, 2024 10:25 AM

    Does anyone have any insight into why DataPower does not support Oracle Native Network Encryption? Are there any reasons why only TLS can be used for secure connections to Oracle databases? Is this functionality that could be requested through an RFE?



    ------------------------------
    Tyler Nelson
    Erie Insurance
    ------------------------------


  • 2.  RE: Oracle Native Network Encryption Support vs TLS

    IBM Champion
    Posted Fri March 22, 2024 10:40 AM
    Edited by Joseph Morgan Fri March 22, 2024 10:48 AM

    Yes, though this can be requested through an RFE, I'd also add:  well, good luck.

    But I am a bit confused. Though I'm no expert on Oracle Native Encryption, according to my quick reading, using Oracle Native Encryption requires no changes on the client side. Since, in this case, I suppose DataPower is the client, what happens when you point DataPower at an Oracle server using Native Encryption?

    EDIT: OK, I should have done more reading, and I'm sure I still haven't done enough. According to the Oracle docs:

    The purpose of a secure cryptosystem is to convert plaintext data into unintelligible ciphertext based on a key, in such a way that it is very hard (computationally infeasible) to convert ciphertext back into its corresponding plaintext without knowledge of the correct key.

    In a symmetric cryptosystem, the same key is used both for encryption and decryption of the same data. Oracle Database provides the Advanced Encryption Standard (AES) symmetric cryptosystem for protecting the confidentiality of Oracle Net Services traffic.

    Sounds, to me, like it is using a symmetric (shared secret) key. That is possible in DataPower.

    ------------------------------
    Joseph Morgan
    ------------------------------



  • 3.  RE: Oracle Native Network Encryption Support vs TLS

    Posted Fri March 22, 2024 12:20 PM

    Well, when the Native Encryption was enabled on Oracle, the SQL Data Source objects went down.  We made some attempts at modifying the Advanced Parameters as follows:

    setDataIntegrityLevel = 1

    setDataIntegrityTypes = SHA512

    setEncryptionLevel = 1

    setEncryptionTypes = AES256

    That resulted in the following types of errors:

    0x8180008e
    sql-source (SQLDataSource_DSN):Cannot establish database connection: ORA-12660: Encryption or crypto-checksumming parameters incompatible

    We opened a case and the support team says this is not supported with DataPower.  Just trying to understand the reasoning behind it (are there security gaps?) and figure out options.



    ------------------------------
    Tyler Nelson
    Erie Insurance
    ------------------------------



  • 4.  RE: Oracle Native Network Encryption Support vs TLS

    IBM Champion
    Posted Fri March 22, 2024 12:33 PM

    Yeah... I see now... and the only options are No Encryption or TLS.  Maybe the RFE should be to include Shared Secret Key as one of the options.  At least that request won't request anything completely new in DataPower.



    ------------------------------
    Joseph Morgan
    ------------------------------