Encrypted RMAN Backup Tips
Expert Oracle Tips by Burleson Consulting
March 25, 2012
Creating Encrypted RMAN Backups and Recovery

It is very simple to restore the database created by RMAN using simple
commands. If someone has stolen the backup of the database, they can easily
restore it and steal all our data, too. To prevent that from happening, encrypt the
backup that has been made. By querying the v$rman_encryption_algorithms
view, a list of RMAN encryption algorithms can be obtained:

SQL> select algorithm_id, algorithm_name, algorithm_description, is_default
     from v$rman_encryption_algorithms;

ALGORITHM_ID  ALGORITHM_NAME  ALGORITHM_DESCRIPTION  IS_DEFAULT
           1  AES128          AES 128-bit key        YES
           2  AES192          AES 192-bit key        NO
           3  AES256          AES 256-bit key        NO

SQL>

There are three forms of encryption in Oracle 10g: transparent, password and dual
mode.

To use transparent mode encryption, Oracle Encryption Wallet should be
used.
To use password mode, a password should be provided by the DBA, which
will be used in encryption.
By using dual mode encryption, both of the above-mentioned modes will be used.

In the following example, we will show how to use password mode to encrypt our
backup. Use the set encryption on command, supply the password with the identified
by clause, and encrypt the backup that is taken in this session. Use the only
keyword at the end to use only password encryption. If the only keyword is
omitted, RMAN uses dual mode encryption and demands the presence of Oracle
Encryption Wallet, too.
RMAN> set encryption on identified by 'test' only;
Back up the users tablespace:
RMAN> backup tablespace users;
Now try to restore it:
RMAN> restore tablespace users;
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

As this shows, it is impossible to restore an already encrypted backup without using
the password. In this situation, if someone has stolen our backup, they will not be
able to restore it and steal our data, too, without providing the correct password.
Now provide the password and restore the backup:

RMAN> set decryption identified by 'test';
RMAN> restore tablespace users;
Using the password, the tablespace is restored successfully. If we provide a wrong
password, it will not restore the backup:
RMAN> set decryption identified by 'wrong'; # wrong password
RMAN> restore tablespace users;
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
RMAN>

By default, RMAN uses the AES 128-bit key algorithm for encryption. The
algorithm can be easily changed using the configure encryption algorithm
command as follows:

RMAN> show encryption algorithm;
RMAN configuration parameters are:
configure encryption algorithm 'AES128' # default

RMAN> configure encryption algorithm 'AES256';
new RMAN configuration parameters:
configure encryption algorithm 'AES256'
new RMAN configuration parameters are successfully stored

RMAN> show encryption algorithm;
RMAN configuration parameters are:
configure encryption algorithm 'AES256'

The encryption algorithm can be returned to its default value at any time by
clearing this configuration, as follows:

RMAN> configure encryption algorithm clear;
old RMAN configuration parameters:
configure encryption algorithm 'AES256'
RMAN configuration parameters are successfully reset to default value

RMAN> show encryption algorithm;
RMAN configuration parameters are:
configure encryption algorithm 'AES128' # default
RMAN>

To use Oracle Encryption Wallet, we need to configure RMAN to perform an
encrypted backup of any tablespace or the whole database automatically. For this,
use the configure encryption for command. In the following example, we
configure RMAN to create an encrypted backup of the database, and exclude the
users tablespace from encryption:

RMAN> show all;
RMAN configuration parameters are:
configure encryption for database off # default
configure encryption algorithm 'AES128' # default

RMAN> configure encryption for database on;
new RMAN configuration parameters:
configure encryption for database on
new RMAN configuration parameters are successfully stored

RMAN> configure encryption for tablespace users off;
tablespace users will not be encrypted in future backup sets
new RMAN configuration parameters are successfully stored

RMAN> show all;
RMAN configuration parameters are:
configure encryption for database on
configure encryption algorithm 'AES128' # default
configure encryption for tablespace 'users' off

To return to the default value, clear the encryption configuration parameter:

RMAN> configure encryption for database clear;
old RMAN configuration parameters:
configure encryption for database on
RMAN configuration parameters are successfully reset to default value

RMAN> configure encryption for tablespace users clear;
tablespace users will default to database encryption configuration
old RMAN configuration parameters are successfully deleted

RMAN> show all;
RMAN configuration parameters are:
configure encryption for database off # default
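
An added example, not from the original article: a Python check that parses the output of one show all, in the format shown above, and reports persistent configure settings that leave backups unencrypted. The sample output is constructed, and the function names and the required_algorithm policy parameter are assumptions of this example.

```python
import re

# Constructed sample: `show all` output in the format shown on this page.
SAMPLE_SHOW_ALL = """\
RMAN configuration parameters are:
configure encryption for database on
configure encryption algorithm 'AES128' # default
configure encryption for tablespace 'users' off
"""

# Case-insensitive, so the upper-case form with trailing semicolons also matches.
DB_RE = re.compile(r"^configure\s+encryption\s+for\s+database\s+(on|off)\b", re.I)
TS_RE = re.compile(
    r"^configure\s+encryption\s+for\s+tablespace\s+'?([\w$#]+)'?\s+(on|off)\b", re.I)
ALG_RE = re.compile(r"^configure\s+encryption\s+algorithm\s+'(\w+)'", re.I)


def parse_encryption_config(show_all_text):
    """Return the persistent encryption settings found in one `show all` output."""
    # Defaults as stated on this page: database encryption off, AES128.
    cfg = {"database": "off", "algorithm": "AES128", "tablespaces": {}}
    for raw in show_all_text.splitlines():
        line = raw.strip()
        if m := DB_RE.match(line):
            cfg["database"] = m.group(1).lower()
        elif m := TS_RE.match(line):
            cfg["tablespaces"][m.group(1).upper()] = m.group(2).lower()
        elif m := ALG_RE.match(line):
            cfg["algorithm"] = m.group(1).upper()
    return cfg


def audit(cfg, required_algorithm=None):
    """List settings that leave backups unencrypted or outside a site policy."""
    findings = []
    if cfg["database"] == "off":
        on = sorted(t for t, s in cfg["tablespaces"].items() if s == "on")
        findings.append(
            f"database encryption is off; tablespaces configured on: {', '.join(on) or 'none'}")
    else:
        for ts in sorted(t for t, s in cfg["tablespaces"].items() if s == "off"):
            findings.append(f"tablespace {ts} is excluded from encryption")
    if required_algorithm and cfg["algorithm"] != required_algorithm.upper():
        findings.append(
            f"algorithm is {cfg['algorithm']}, policy requires {required_algorithm.upper()}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_encryption_config(SAMPLE_SHOW_ALL), "AES256"):
        print("FINDING:", finding)
```

A password set in the session with set encryption ... identified by is not a configure setting, so it does not appear in the text this check reads.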