Oracle TDE

This document provides instructions for configuring Transparent Data Encryption (TDE) in an Oracle database. It describes how to create an encryption wallet, enable TDE for tablespaces, encrypt and decrypt specific tablespaces both online and offline, and encrypt and decrypt columns within tables.

Configure the wallet

mkstore -wrl +DATAC2/TESTING/DATAFILE/wallet -create

Specify your wallet location in sqlnet.ora


WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = +DATAC2/TESTING/DATAFILE/wallet)))

Create wallet dir


asmcmd
mkdir +DATAC2/TESTING/DATAFILE/wallet/tde
sqlplus / as sysdba
alter system set wallet_root='+DATAC2/TESTING/DATAFILE/wallet' scope=spfile sid='*';
Restart DB
show parameter wallet;

Configure TDE
show parameter tde;
alter system set TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE" scope=both sid='*';

Check encryption wallet status


set lines 200
col WRL_PARAMETER for a25
col wallet_type for a15
col STATUS for a15
select * from V$ENCRYPTION_WALLET;

ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY "Passw0rd123";

Create auto login


ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE IDENTIFIED BY "Passw0rd123";

CREATE KEY
ADMINISTER KEY MANAGEMENT SET KEY FORCE KEYSTORE IDENTIFIED BY "Passw0rd123" WITH BACKUP;

TABLESPACE ENCRYPTION
COL df_name FOR a80
col ts_name for a10
select df.name df_name, ts.name ts_name from v$datafile df join v$tablespace ts on (df.ts#=ts.ts#);

Check tablespace encryption status

ONLINE ENCRYPTION
select tablespace_name, encrypted, status from dba_tablespaces;

TABLESPACE_NAME                ENC STATUS
------------------------------ --- ---------------
SYSTEM                         NO  ONLINE
SYSAUX                         NO  ONLINE
UNDOTBS1                       NO  ONLINE
TEMP                           NO  ONLINE
USERS                          NO  ONLINE
TI_DATA_TBS                    YES ONLINE
Alter tablespace TI_DATA_TBS encryption online using 'AES256' encrypt;

To decrypt

select ts.name, ENCRYPTIONALG, status, ENCRYPTEDTS FROM V$ENCRYPTED_TABLESPACES ets join v$tablespace ts on (ets.ts# = ts.ts#);

NAME                           ENCRYPT STATUS          ENC
------------------------------ ------- --------------- ---
TI_DATA_TBS                    AES256  NORMAL          YES

SQL>

OFFLINE ENCRYPTION
Alter tablespace TI_DATA_TBS offline normal;
Alter tablespace TI_DATA_TBS encryption offline using 'AES256' encrypt;
Alter tablespace TI_DATA_TBS online;

To Decrypt
Alter tablespace TI_DATA_TBS offline normal;
Alter tablespace TI_DATA_TBS encryption offline decrypt;
Alter tablespace TI_DATA_TBS online;

select * from v$encryption_wallet;

Rekey Tablespace
In case you need to change the encryption type
Alter tablespace TI_DATA_TBS encryption using 'AES192' rekey;

COLUMN ENCRYPTION
alter table TIZONE1.TICUST modify (column_name encrypt salt);
select * from dba_encrypted_columns;

alter table TIZONE1.TICUST modify (column_name encrypt no salt);


alter table TIZONE1.TICUST modify (column_name encrypt 'NOMAC');

alter table TIZONE1.TICUST modify (column_name decrypt);

Rekey Column

alter table customer rekey using '3DES168';
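
Verify the result

The following SQL*Plus script is an added example, not part of the original document. It checks the outcome of the steps above using the same views the document queries. It assumes AES256 is the intended tablespace algorithm (the one used above) and that the database is 18c or later, since wallet_root is used.

```sql
-- Added verification script (not from the original document).
-- Run in SQL*Plus as a user that can read the V$ and DBA_ views.
set lines 200 pages 100
col wrl_parameter   for a45
col name            for a30
col tablespace_name for a30
col owner           for a20
col table_name      for a30
col column_name     for a30

-- 1. Keystore state. STATUS should be OPEN. WALLET_TYPE shows whether the
--    password keystore or the auto-login keystore is in use.
--    FULLY_BACKED_UP = NO means the current keystore has no backup copy.
select wrl_type, wrl_parameter, status, wallet_type, fully_backed_up
from   v$encryption_wallet;

-- 2. Tablespaces that are still unencrypted (SYSTEM, SYSAUX, undo and
--    temp are listed too, so the remaining gap is explicit).
select tablespace_name, contents, status
from   dba_tablespaces
where  encrypted = 'NO'
order  by tablespace_name;

-- 3. Encrypted tablespaces whose conversion has not finished
--    (STATUS other than NORMAL) or whose algorithm is not AES256.
--    The con_id predicate keeps the join correct in a multitenant database.
select ts.name, ets.encryptionalg, ets.status, ets.encryptedts
from   v$encrypted_tablespaces ets
join   v$tablespace ts
on     (ets.ts# = ts.ts# and ets.con_id = ts.con_id)
where  ets.status <> 'NORMAL'
or     ets.encryptionalg <> 'AES256';

-- 4. Column-level TDE: columns encrypted without salt or without the
--    integrity check (the NO SALT and 'NOMAC' options shown above).
select owner, table_name, column_name, encryption_alg, salt, integrity_alg
from   dba_encrypted_columns
where  salt = 'NO'
or     integrity_alg = 'NOMAC'
order  by owner, table_name, column_name;
```

Queries 3 and 4 returning no rows means every encrypted tablespace is fully converted to AES256 and every encrypted column keeps both salt and the integrity check.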
