Step 1: Configure Networking
Add the following entry to your $TNS_ADMIN/sqlnet.ora, changing the directory to a path relevant to your installation.
[/u03/app/oracle/product/db/11.1.0.6/network/admin nf@rac2]$ cd $TNS_ADMIN
[/u03/app/oracle/product/db/11.1.0.6/network/admin nf@rac2]$ more sqlnet.ora
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/u03/app/oracle/oradata/nf/wallet)))
Step 2: Create the wallet via your preferred method (I use Oracle Wallet Manager)
Launch the Oracle Wallet Manager:
[/u03/app/oracle/product/db/11.1.0.6/bin nf@rac2]$ export DISPLAY=192.168.1.104:0.0
[/u03/app/oracle/product/db/11.1.0.6/bin nf@rac2]$ ./owm
Here are the screenshots for this step:
Create a new wallet

Enter the password

Specify the location

Set as an Auto-login wallet and save

Should yield the following files:
[/u03/app/oracle/product/db/11.1.0.6/bin nf@rac2]$ ls -lart /u03/app/oracle/oradata/nf/wallet
total 24
drwxr-x--- 6 oracle dba 4096 Feb 11 00:56 ..
-rw------- 1 oracle dba 7312 Feb 11 00:56 ewallet.p12
drwx------ 2 oracle dba 4096 Feb 11 00:56 .
-rw------- 1 oracle dba 7340 Feb 11 00:56 cwallet.sso
Step 3: Create Master Key for TDE
SQL> alter system set encryption key identified by "password";
--Password saved to wallets Manager.
System altered.
Note that the Oracle Wallet Manager does not create this master key. The above is the appropriate method for doing so.
Step 4: Verify wallet is open
SQL> col wrl_parameter format a40
SQL> select * from v$encryption_wallet;
WRL_TYPE             WRL_PARAMETER                            STATUS
-------------------- ---------------------------------------- ---------
file                 /u03/app/oracle/oradata/nf/wallet        OPEN
You should see that the sizes of the auto-login and encryption wallets have changed (since the master key has been added):
[/u03/app/oracle/oradata/nf/wallet nf@rac2]$ ls -alrt /u03/app/oracle/oradata/nf/wallet
total 32
drwxr-x--- 6 oracle dba 4096 Feb 11 00:56 ..
drwx------ 2 oracle dba 4096 Feb 11 00:56 .
-rw------- 1 oracle dba 8453 Feb 11 01:24 ewallet.p12
-rw------- 1 oracle dba 8481 Feb 11 01:24 cwallet.sso
If the wallet is not open:
SQL> alter system set encryption wallet open identified by "password";
System altered.
At this point, you should be able to transparently encrypt tablespaces, columns, LOBs, etc.
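A quick audit of the wallet directory from Step 2, added here as an example (not part of the original post): it checks that only the owner can access the wallet files, as in the listings above, and notes when cwallet.sso is present, since an auto-login wallet opens without the password. The function name audit_wallet and its output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a TDE wallet directory such as the one listed above.
# Assumed file names: ewallet.p12 and cwallet.sso, as shown in the listings.
# Usage: audit_wallet /u03/app/oracle/oradata/nf/wallet

# Print the group/other permission bits (characters 5-10 of the ls mode string).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one line per finding; return 0 only if nothing is accessible to
# group/other and the encryption wallet exists.
audit_wallet() {
    aw_dir=$1
    aw_findings=0
    if [ ! -d "$aw_dir" ]; then
        echo "MISSING: $aw_dir is not a directory"
        return 2
    fi
    if [ "$(group_other_bits "$aw_dir")" != "------" ]; then
        echo "PERMS: $aw_dir is accessible to group or other"
        aw_findings=$((aw_findings + 1))
    fi
    for aw_file in ewallet.p12 cwallet.sso; do
        [ -f "$aw_dir/$aw_file" ] || continue
        if [ "$(group_other_bits "$aw_dir/$aw_file")" != "------" ]; then
            echo "PERMS: $aw_dir/$aw_file is accessible to group or other"
            aw_findings=$((aw_findings + 1))
        fi
    done
    if [ ! -f "$aw_dir/ewallet.p12" ]; then
        echo "MISSING: no ewallet.p12 in $aw_dir"
        aw_findings=$((aw_findings + 1))
    fi
    # An auto-login wallet opens without the password, so protect the file
    # itself and store wallet backups separately from database backups.
    if [ -f "$aw_dir/cwallet.sso" ]; then
        echo "NOTE: cwallet.sso present, wallet opens without a password"
    fi
    [ "$aw_findings" -eq 0 ]
}
```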
Frequently asked questions about TDE: 10g
11g Tablespace Encryption: Three easy steps
ALTER SYSTEM SET ENCRYPTION KEY certificate_ID IDENTIFIED BY "password";
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "password";
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "password";
SELECT * FROM V$ENCRYPTION_WALLET;
SELECT * FROM DBA_ENCRYPTED_COLUMNS;
SELECT TABLESPACE_NAME, ENCRYPTED FROM DBA_TABLESPACES;
SELECT * FROM V$ENCRYPTED_TABLESPACES;