Oracle Advanced Transparent Data Encryption (TDE)
docs.oracle.com/cd/E11882_01/...
ENCRYPTION_WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=/u01/app/oracle/admin/DEVDB/wallet)))
cd /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin
cp sqlnet.ora_wallet sqlnet.ora
--set password based keystore
12c: ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/DEVDB/wallet' IDENTIFIED BY Welcome2020;
11g: ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY Welcome2020;
COL wrl_type FORMAT a12
COL wrl_parameter FORMAT a35
COL status FORMAT a15
select * from v$encryption_wallet;
--set auto login keystore
12c: ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE 'C:\app\AkPC\admin\tdewallet\orcl' IDENTIFIED BY Welcome2020;
11g: orapki wallet create -wallet $ORACLE_BASE/admin/DEVDB/wallet -auto_login -pwd Welcome2020
--open the keystore
12c: ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY Welcome2020;
11g: ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "Welcome2020";
--set master key / backup
12c: ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY Welcome2020 with backup;
11g: orapki wallet export/backup
--Set database master key
12c: ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY Welcome2020 with backup;
11g: ALTER SYSTEM SET ENCRYPTION KEY “New Key" IDENTIFIED BY “Old Key";
CREATE TABLESPACE encrypted_ts
DATAFILE '/u01/app/oracle/oradata/DEVDB/encrypted_ts.dbf' SIZE 128K
AUTOEXTEND ON NEXT 64K
ENCRYPTION USING 'AES256'
DEFAULT STORAGE(ENCRYPT);
CREATE TABLESPACE unencrypted_ts
DATAFILE '/u01/app/oracle/oradata/DEVDB/unencrypted_ts.dbf' SIZE 128K
AUTOEXTEND ON NEXT 64K;
SELECT tablespace_name, encrypted FROM dba_tablespaces;
CREATE TABLE TEST_ENC (TEXT VARCHAR2(100)) TABLESPACE encrypted_ts;
CREATE TABLE TEST_UNENC (TEXT VARCHAR2(100)) TABLESPACE unencrypted_ts;
insert into TEST_ENC values ('This is encrypted');
insert into TEST_UNENC values ('This is not encrypted');
create user test1 identified by test1;
grant dba to test1;
conn test1/test1
CREATE TABLE TEST1 (NO NUMBER(2), TEXT VARCHAR2(100)) TABLESPACE unencrypted_ts;
insert into TEST1 values (1, 'This is not encrypted');
commit;
ALTER TABLE TEST1 MODIFY (TEXT ENCRYPT USING 'AES256');
CREATE TABLE TEST2 (NO NUMBER(2), TEXT VARCHAR2(100) ENCRYPT USING 'AES256') TABLESPACE unencrypted_ts;
insert into TEST2 values (1, 'This is not encrypted');
commit;
ALTER SYSTEM FLUSH BUFFER_CACHE;
create user test2 identified by test2;
grant dba to test2;
conn test2/test2
SELECT * FROM DBA_ENCRYPTED_COLUMNS;
#TDE #TransparentDataEncryption #TSEncryption #ColumnEncryption #Encryption #11g #12c #Wallet #Oracle #RAC #Database #Exadata
Please do follow me and support me on,
LinkedIn: / mallik034
RU-vid: / mallik034
Fakebook: / mallik034
Blog: mallik034.blogspot.com
twitter: / mallik034
Instagram: / mallik034
FBPage: / mallik034oracledba
Skype: malluramadurg
Regards,
Mallikarjun Ramadurg
Mobile: +91 9880616848
WhatsApp: +91 9880616848
Email: malluramadurg@gmail.com
LinkedIn: / mallik034
RU-vid: / mallik034
Fakebook: / mallik034
Blog: mallik034.blogspot.com
twitter: / mallik034
Instagram: / mallik034
FBPage: / mallik034oracledba
Skype: malluramadurg
20 окт 2020
