database oracle-database security cryptography tde

What is the reason for using "user_Id:password" for PKCS11 when it only accepts a pin?


With respect to Oracle Database 11g transparent data encryption (TDE) with HSM, I understand that the following command is used to set the master encryption key. However, why does a user_Id have to be specified when the PKCS#11 library for the corresponding HSM only requires a PIN?

SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "user_Id:password";

Solution

  • The following answer is quoted from the Oracle Forum.

    "SQL> alter system set ... identified by "HSM_auth_string"; where "HSM_auth_string" can be "user_name:password", a "PIN", or just a "Password"."