Set the wallet_root parameter
SQL> show parameter wallet_root

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
wallet_root                          string

SQL> alter system set wallet_root='/u01/app' scope=spfile sid='*';

System altered.

SQL> shutdown immediate;
SQL> startup
SQL> show parameter wallet_root

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
wallet_root                          string      /u01/app
Set the tde_configuration parameter
SQL> show parameter tde_configuration

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
tde_configuration                    string

SQL> alter system set tde_configuration="keystore_configuration=file" scope=both sid='*';

System altered.

SQL> show parameter tde_configuration

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
tde_configuration                    string      keystore_configuration=file
Create the keystore
SQL> select * from v$encryption_wallet;

WRL_TYPE   WRL_PARAMETER        STATUS               WALLET_TYPE          WALLET_OR KEYSTORE FULLY_BAC     CON_ID
---------- -------------------- -------------------- -------------------- --------- -------- --------- ----------
FILE       /u01/app/tde/        CLOSED               UNKNOWN              SINGLE    NONE     UNDEFINED          0

SQL> administer key management create keystore '/u01/app/tde' identified by Passw0rd;

keystore altered.
Open the keystore
SQL> administer key management set keystore open identified by Passw0rd;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE   WRL_PARAMETER        STATUS               WALLET_TYPE          WALLET_OR KEYSTORE FULLY_BAC     CON_ID
---------- -------------------- -------------------- -------------------- --------- -------- --------- ----------
FILE       /u01/app/tde/        OPEN_NO_MASTER_KEY   PASSWORD             SINGLE    NONE     UNDEFINED          0
Set the key
SQL> administer key management set key identified by Passw0rd with backup using 'tag1';

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE   WRL_PARAMETER        STATUS               WALLET_TYPE          WALLET_OR KEYSTORE FULLY_BAC     CON_ID
---------- -------------------- -------------------- -------------------- --------- -------- --------- ----------
FILE       /u01/app/tde/        OPEN                 PASSWORD             SINGLE    NONE     NO                 0
Create autologin keystore
SQL> administer key management create auto_login keystore from keystore '/u01/app/tde' identified by Passw0rd;

keystore altered.

SQL> administer key management set keystore close identified by Passw0rd;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE   WRL_PARAMETER        STATUS               WALLET_TYPE          WALLET_OR KEYSTORE FULLY_BAC     CON_ID
---------- -------------------- -------------------- -------------------- --------- -------- --------- ----------
FILE       /u01/app/tde/        OPEN                 AUTOLOGIN            SINGLE    NONE     NO                 0
Create an encrypted tablespace using AES128
SQL> create tablespace test_enc128
     datafile '/u01/app/oradata/ORCL/datafile/test01.dbf' size 100M
     encryption using 'AES128'
     default storage (encrypt);

Tablespace created.

SQL> select encrypted, tablespace_name from dba_tablespaces;

ENC TABLESPACE_NAME
--- ------------------------------
NO  SYSTEM
NO  SYSAUX
NO  UNDOTBS1
NO  TEMP
NO  USERS
YES TEST_ENC128

6 rows selected.
Check the encryption algorithm for the tablespace created.
SQL> select name, encryptionalg encryptedts from v$encrypted_tablespaces e, v$tablespace v where e.ts# = v.ts#;

NAME                           ENCRYPT
------------------------------ -------
TEST_ENC128                    AES128
For a RAC environment
Copy the wallet file ewallet.p12 from the first RAC node to the ENCRYPTION_WALLET_LOCATION directory on all other RAC nodes.
SQL> !ls -l /u01/app/tde
total 16
-rw-r--r--. 1 oracle oinstall   91 Jul 27 15:55 afiedt.buf
-rw-------. 1 oracle oinstall 4040 Jul 27 16:19 cwallet.sso
-rw-------. 1 oracle oinstall 3995 Jul 27 16:12 ewallet.p12
-rw-------. 1 oracle oinstall 2555 Jul 27 16:12 ewallet_2022072708125091_tag1.p12
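The listing above shows the keystore files with owner-only permissions next to a world-readable afiedt.buf, the SQL*Plus edit buffer, which can hold the last statement typed, keystore password included. The script below is an added example, not part of the original page: it audits a keystore directory on one node and prints a digest of ewallet.p12 so the copies on each RAC node can be compared. The function names and the allow-list of file names (taken from the listing) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit a TDE keystore directory on one RAC node.
# Assumption: keystore files live in WALLET_ROOT/tde (/u01/app/tde on this page).

# Octal permission bits of a file (GNU stat, with a BSD stat fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Print one finding per line; return 0 when the directory is clean, 1 otherwise.
audit_wallet_dir() {
    local dir="$1" rc=0 f name mode
    for name in ewallet.p12 cwallet.sso; do
        [ -f "$dir/$name" ] || { echo "MISSING $name"; rc=1; }
    done
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            ewallet.p12|ewallet_*.p12|cwallet.sso) ;;  # keystore, backups, auto-login
            *) echo "UNEXPECTED $name"; rc=1 ;;         # e.g. a SQL*Plus afiedt.buf
        esac
        mode=$(printf '%03d' "$(mode_of "$f")")
        case $mode in
            *00) ;;                                     # no group/other access
            *) echo "PERMS $name $mode"; rc=1 ;;
        esac
    done
    return $rc
}

# SHA-256 of the password keystore, for comparing the copy on each node.
wallet_digest() { sha256sum "$1/ewallet.p12" | cut -d' ' -f1; }

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_wallet_dir "$1" && echo "OK $(wallet_digest "$1")"
fi
```

Run it on every node with the keystore directory as its argument; the digest printed after OK should be identical on all of them.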