Appsdba: Steps to Setup Oracle 11g TDE (Transparent Data Encryption)

Oracle Applications, Middleware, Database, DB RAC & HA

A place where anyone can pick up more knowledge about Oracle Applications, middleware, etc.

 
  • Steps to Setup Oracle 11g TDE (Transparent Data Encryption)
    Thursday, May 6, 2010
    Introduction

    The Transparent Data Encryption (TDE) feature introduced in Oracle 10g Database Release 2 allows sensitive data to be encrypted within the datafiles to prevent access to it from the operating system.

    Oracle Database 11g encrypts data using a master key, which is stored in a secure location called a wallet, a file on the database server. Table keys are placed in the data dictionary. When a table contains encrypted columns, Oracle Database 11g generates a single table key for that table, encrypts it with the master key, and uses it to encrypt those columns.

    Steps:

    1. Add the following entry in sqlnet.ora under $ORACLE_HOME/network/admin

    ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=file)
    (METHOD_DATA=(DIRECTORY=/u01/app/oracle/wallets)))

    2. Before attempting to create a table with encrypted columns, a wallet must be created to hold the encryption key.

    This step creates the wallet in the location specified in sqlnet.ora, i.e. /u01/app/oracle/wallets, sets the wallet password to "passwd", and opens the wallet for TDE. Once the wallet exists, the directory contains the file ewallet.p12:

    [oracle@db wallets]$ pwd
    /u01/app/oracle/wallets

    [oracle@db wallets]$ ls -lrt
    total 12
    -rw------- 1 oracle oinstall 8757 May 6 12:56 ewallet.p12

    3. You need to open the wallet and create the master encryption key. Open a SQL*Plus session and execute the following commands. The password given here is the wallet password:
    SQL> connect / as sysdba
    SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "passwd";

    4. Open the wallet as below. Setting the encryption key also leaves the wallet open:
    SQL> CONN sys/passwd@dbname AS SYSDBA
    SQL> ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "passwd";
    Or, because the wallet must be opened explicitly after the database instance starts, use one of the following:
    SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN AUTHENTICATED BY "passwd";
    SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "passwd";

    5. The status of the wallet can be viewed using the view v$encryption_wallet:

    SQL> SELECT * FROM v$encryption_wallet;

    WRL_TYPE             WRL_PARAMETER                  STATUS
    -------------------- ------------------------------ ---------
    file                 /u01/app/oracle/wallets        OPEN


    Encrypted Column
    --------------------
    6. Create a test table with an encrypted column and insert some data. Using the ENCRYPT clause on its own is the same as using the ENCRYPT USING 'AES192' clause, as AES192 is the default encryption method.

    To encrypt an existing column, or to decrypt it again, we can simply use

    SQL> ALTER TABLE EMP MODIFY (SAL ENCRYPT);
    SQL> ALTER TABLE EMP MODIFY (SAL DECRYPT);

    Details of the encrypted columns are stored in DBA_ENCRYPTED_COLUMNS

    SQL> SELECT * FROM DBA_ENCRYPTED_COLUMNS;
    SQL> SELECT * FROM user_encrypted_columns;

    7. We can explicitly close the wallet using
    SQL> ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;
    posted by Jaswinder Singh @ 4:19 AM  
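
TDE keeps the datafiles unreadable from the operating system only while the wallet holding the master key is itself restricted to the oracle owner. The script below is an added example, not part of the original post: it reads the wallet directory from the sqlnet.ora entry of step 1 and reports group or other access on that directory and on ewallet.p12. The function names and the owner-only requirement on the directory are assumptions of this example, and wallet paths containing spaces or parentheses are not handled.

```shell
#!/bin/sh
# Added example: audit the TDE wallet that sqlnet.ora points to.
# Assumption: the wallet path contains no spaces or parentheses.

# Print the DIRECTORY value of the ENCRYPTION_WALLET_LOCATION entry.
wallet_dir() {
    # Drop comment lines, join the multi-line entry, then cut the value out.
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | tr -d ' \t\n' | awk '{
        i = index($0, "ENCRYPTION_WALLET_LOCATION="); if (!i) exit
        s = substr($0, i); j = index(s, "DIRECTORY="); if (!j) exit
        s = substr(s, j + 10); sub(/\).*/, "", s); print s
    }'
}

# Print one finding per line. Returns 0 = clean, 1 = findings, 2 = not found.
audit_wallet() {
    dir=$(wallet_dir "$1")
    [ -n "$dir" ] || { echo "$1: no ENCRYPTION_WALLET_LOCATION entry"; return 2; }
    [ -d "$dir" ] || { echo "$dir: wallet directory missing"; return 2; }
    rc=0
    for p in "$dir" "$dir/ewallet.p12"; do
        if [ ! -e "$p" ]; then
            echo "$p: not found"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits;
        # the listing in step 2 (-rw-------) shows the expected "------".
        go=$(ls -ld "$p" | cut -c5-10)
        [ "$go" = "------" ] || { echo "$p: group/other access ($go)"; rc=1; }
    done
    return $rc
}

# Stand-alone use: sh audit_wallet.sh $ORACLE_HOME/network/admin/sqlnet.ora
[ $# -eq 0 ] || audit_wallet "$1"
```
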
    About Me

    Name: Jaswinder Singh
    Home: Bangalore, Karnataka, India
    Certifications: RAC Certified Expert, OCP 9i, 10g & 11i
    About Me: I am working as an APPSDBA and have hands-on experience with DB RAC, HA on OAS 10g and Oracle Applications.