I am in the process of putting my notes into web pages, please keep checking in later for more contents

Oracle TDE Encryption 10g or 11g

1):
select * from v$encryption_wallet;

sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
      (SOURCE =
         (METHOD = FILE)
          (METHOD_DATA = (DIRECTORY = /u01/oracle/ora11.203/dbs/wallets/${ORACLE_SID})))

create and open wallet
-- 10g ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "mypassword";

-- 11g ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "mypassword";

ENCRYPTION_WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = E:\oracle\%ORACLE_UNQNAME%)))

2):
create auto login .sso file

cd /u01/oracle/ora11.203/dbs/wallets/${ORACLE_SID}
orapki wallet create -wallet "/u01/oracle/ora11.203/dbs/wallets/${ORACLE_SID}" -pwd "mypassword" -auto_login_local

3): reopen a wallet
-- 10g: ALTER SYSTEM SET ENCRYPTION WALLET OPEN AUTHENTICATED BY "myPassword";

-- 11g: ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "mypassword";

-- close a wallet: ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;

4): view wallet
# normal time, should not use password: 
orapki wallet display -wallet /u01/oracle/ora11.203/dbs/wallets/${ORACLE_SID}

orapki wallet display -wallet "/u01/oracle/ora11.203/dbs/wallets/${ORACLE_SID}" -pwd "mypassword"

5):
sudo chattr -i *wallet*               <== to unlock (mutable - able to change)
orapki wallet create -wallet "/u01/oracle/ora11.203/dbs/wallets/${ORACLE_SID}" -pwd "mypassword" -auto_login_local
sudo chattr +i *wallet*               <== to lock (immutable) - not changeable)

6):
lsattr *wallet*
sudo chattr -i *wallet*               <== to unlock (mutable - able to change)
sudo chown oracle:dba *wallet*
sudo chattr +i *wallet*               <== to lock (immutable) - not changeable)

7):
change wallet password: ( need XWindow)
owm

8):
SET LINESIZE 100
COLUMN owner FORMAT A15
COLUMN tble_name FORMAT A15
COLUMN column_name FORMAT A15

SELECT * FROM dba_encrypted_columns;

Oracle TDE Encryption 12c

1): sqlnet.ora
mkdir -p /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore

ENCRYPTION_WALLET_LOCATION =
  (SOURCE =(METHOD = FILE)(METHOD_DATA =
    (DIRECTORY = /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore/)

2): in sqlplus
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/${ORACLE_SID}/encryption_keystore/' IDENTIFIED BY mypassword;

HOST ls -l /u01/app/oracle/admin/${ORACLE_SID}/encryption_keystore/

3):
-- Open
-- non-cdb ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY mypassword;
-- cdb     ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY mypassword CONTAINER=ALL;

-- Close
-- non-cdb ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY mypassword;
-- cdb     ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY mypassword CONTAINER=ALL;

-- create
-- non-cdb ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY mypassword WITH BACKUP;
-- cdb     ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY mypassword WITH BACKUP CONTAINER=ALL;

set linesize 200 trimspool on
SELECT con_id, key_id FROM v$encryption_keys;

set linesize 200 trimspool on
column wrl_parameter FORMAT A50
SELECT * FROM v$encryption_wallet;

4): export key
ADMINISTER KEY MANAGEMENT EXPORT ENCRYPTION KEYS WITH SECRET "mysecretexportpassword" TO '/tmp/export.p12' IDENTIFIED BY mytdepassword;

5): import key
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "mypassword";
ADMINISTER KEY MANAGEMENT IMPORT ENCRYPTION KEYS WITH SECRET "mysecretexportpassword" FROM '/tmp/export.p12' IDENTIFIED BY "mypassword" WITH BACKUP;

6): autologin key
ADMINISTER KEY MANAGEMENT CREATE LOCAL AUTO_LOGIN KEYSTORE FROM KEYSTORE '/u01/app/oracle/admin/$ORACLE_HOME/encryption_keystore/' IDENTIFIED BY mypassword;


Home   Oracle