I am looking to implement a secure method for encrypting some data on our systems that will be accessed by many different code bases from many different sources.
Essentially, we have a system of .NET applications (WPF, ASP.NET and WinForms) that access different databases. Some apps access SQL Server 2008, some Oracle 10g. We also have Java/JSP applications that also access Oracle 10i as well. There is some data I am wanting to keep encrypted so that the applications can read/write the data, but someone just running a query on the servers could not.
My initial idea was from SQL Server 2008. Using a Symmetric Key to encrypt the data on a column and encrypting that key with an Asymmetric Key or Certificate. The problem is, I don't know how I would implement something like that on Oracle.
What I am hoping for, is some kind of solution that would work across all platforms and would not require copying keys from server to server or workstation to workstation. If i can use some kind of Certificate Authority/Issuing server, that would be helpful too.
Any suggestions?
