My requirement is to do column level encryption.
Tried below option TDE - data is not encrypted to one who has access to database. Please correct me if I'm wrong. DBMS_CRYPTO package, this works but client wants to store encryption key outside Oracle database. I'm not able to find solution for storing key outside database.
Any help on this is highly appreciated.
Perhaps two different things here.
To do TDE at column level already uses an external key store, namely a wallet. The location is specified by ENCRYPTION_WALLET_LOCATION in your sqlnet.ora file, and you'd open the wallet when the database starts, eg
Conversely, if you are looking at doing some "home grown" encryption of data using DBMS_CRYPTO, then key management also becomes your own responsibility. You could store the key however/wherever you like, but its your job then to manage it and pass it securely into the DBMS_CRYPTO routines