NAME
---------
PRF8SPE
NAME
--------------------------------------------------------------------------------
+DATA/PRF8SPE/DATAFILE/system.257.1009023169
+DATA/PRF8SPE/DATAFILE/tbs_cfspe.1
+DATA/PRF8SPE/DATAFILE/sysaux.258.1009023209
+DATA/PRF8SPE/DATAFILE/undotbs1.259.1009023235
/u01/app/orcl/product/12.2.0/dbhome_1/dbs/tbs_cfspe
+DATA/PRF8SPE/DATAFILE/users.260.1009023235
+DATA/PRF8SPE/DATAFILE/tbs_cfqa
7 rows selected.
6 rows selected.
ENCRYPTION_WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=/u01/app/orcl/admin/PRF8SPE/TDE)))
[orcl@vlmazspep8db01 admin]$ mkdir -p /u01/app/orcl/admin/PRF8SPE/TDE
WRL_TYPE WRL_PARAMETER
STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
-------------------- ------------------------------------------------------------
------------------------------ -------------------- --------- --------- ----------
FILE /u01/app/orcl/admin/PRF8SPE/TDE/
NOT_AVAILABLE UNKNOWN SINGLE UNDEFINED 0
WRL_TYPE WRL_PARAMETER
STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
-------------------- ------------------------------------------------------------
------------------------------ -------------------- --------- --------- ----------
FILE /u01/app/orcl/admin/PRF8SPE/TDE/
CLOSED UNKNOWN SINGLE UNDEFINED 0
keystore altered.
WRL_TYPE WRL_PARAMETER
STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
-------------------- ------------------------------------------------------------
------------------------------ -------------------- --------- --------- ----------
FILE /u01/app/orcl/admin/PRF8SPE/TDE/
OPEN_NO_MASTER_KEY PASSWORD SINGLE UNDEFINED 0
4. Create the master key (set the encryption key):
no rows selected
SQL> administer key management create key identified by Passw0rd with backup;
keystore altered.
CON_ID KEY_ID
----------
------------------------------------------------------------------------------
0 AQPpSXB7Yk9lv4rN8d/uEH0AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
keystore altered.
KEY_ID
ACTIVATION_TIME
------------------------------------------------------------------------------
---------------------------------------------------------------------------
AQPpSXB7Yk9lv4rN8d/uEH0AAAAAAAAAAAAAAAAAAAAAAAAAAAAA 18-
JUN-19 06.03.51.156861 PM +00:00
Note: One can run the statement "administer key management set encryption key
identified by ... " instead of the commands from steps 4) and 5). This creates and
activates the encryption key at the same time.
After the master key is activated the status of the wallet changes to "OPEN":
WRL_TYPE WRL_PARAMETER
STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
-------------------- ------------------------------------------------------------
------------------------------ -------------------- --------- --------- ----------
FILE /u01/app/orcl/admin/PRF8SPE/TDE/
OPEN PASSWORD SINGLE NO 0
The wallet type is a password-based software keystore: as the name suggests, this
type of keystore is protected by a password, and the password is required to open
the keystore and retrieve the encryption keys.
SQL> CREATE TABLESPACE TS_APPSPE DATAFILE '+DATA' SIZE 20G ENCRYPTION USING
'AES256' DEFAULT STORAGE(ENCRYPT);
Tablespace created.
SQL> CREATE TABLESPACE TS_ORGSPE DATAFILE '+DATA' SIZE 20G ENCRYPTION USING
'AES256' DEFAULT STORAGE(ENCRYPT);
Tablespace created.
SQL> CREATE TABLESPACE TS_DEPSPE DATAFILE '+DATA' SIZE 20G ENCRYPTION USING
'AES256' DEFAULT STORAGE(ENCRYPT);
Tablespace created.
SQL> CREATE TABLESPACE TS_ECSPE DATAFILE '+DATA' SIZE 20G ENCRYPTION USING 'AES256'
DEFAULT STORAGE(ENCRYPT);
Tablespace created.
SQL> CREATE TABLESPACE TS_CFSPE DATAFILE '+DATA' SIZE 20G ENCRYPTION USING 'AES256'
DEFAULT STORAGE(ENCRYPT);
Tablespace created.
SQL> CREATE TABLESPACE TS_XNGSPE DATAFILE '+DATA' SIZE 20G ENCRYPTION USING
'AES256' DEFAULT STORAGE(ENCRYPT);
Tablespace created.
SQL> CREATE TABLESPACE TS_CREGSPE DATAFILE '+DATA' SIZE 20G ENCRYPTION USING
'AES256' DEFAULT STORAGE(ENCRYPT);
Tablespace created.
NAME
-----------------------------------------------------------------------------------
-----------------------------------------------------------
+DATA/PRF8SPE/DATAFILE/system.257.1009023169
+DATA/PRF8SPE/DATAFILE/ts_orgspe.267.1011273203
+DATA/PRF8SPE/DATAFILE/sysaux.258.1009023209
+DATA/PRF8SPE/DATAFILE/undotbs1.259.1009023235
+DATA/PRF8SPE/DATAFILE/ts_appspe.268.1011273167
+DATA/PRF8SPE/DATAFILE/users.260.1009023235
+DATA/PRF8SPE/DATAFILE/ts_depspe.269.1011273245
+DATA/PRF8SPE/DATAFILE/ts_ecspe.270.1011273283
+DATA/PRF8SPE/DATAFILE/ts_cfspe.271.1011273311
+DATA/PRF8SPE/DATAFILE/ts_xngspe.272.1011273347
+DATA/PRF8SPE/DATAFILE/ts_cregspe.273.1011273379
11 rows selected.
SQL> !pwd
/u01/app/orcl/product/12.2.0/dbhome_1/network/admin
OPEN_MODE
--------------------
MOUNTED
Reopen the keystore: Here the wallet_type is PASSWORD, i.e. every time we restart
the database, we need to open the keystore (wallet) separately. To overcome this, we
can enable auto-login, so that the next time the database restarts, it opens the
wallet automatically.
keystore altered.
OPEN_MODE
--------------------
MOUNTED
Database altered.
OPEN_MODE
--------------------
READ WRITE
TABLESPACE_NAME ENC
------------------------------ ---
SYSTEM NO
SYSAUX NO
UNDOTBS1 NO
TEMP NO
USERS NO
TS_CFSPE YES
TS_APPSPE YES
TS_ORGSPE YES
TS_DEPSPE YES
TS_ECSPE YES
TS_XNGSPE YES
TS_CREGSPE YES
12 rows selected.
This kind of keystore is protected by a system-generated password and does not
need to be opened explicitly, because it opens automatically.
As soon as we execute the above statement, a cwallet.sso file is created under the
keystore location directory. Once we have an AUTOLOGIN keystore, there is no need
to open the keystore for individual pluggable databases, because the auto-login
keystore opens automatically for all pluggable databases as well.
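The statement this paragraph refers to is not preserved in the transcript. As an added example (not part of the original document), the SQL*Plus session below uses the 12.2 ADMINISTER KEY MANAGEMENT syntax to create an auto-login keystore from the password keystore in the directory configured on this page and then checks the result. The password is a placeholder, and the LOCAL variant is shown as an option the original does not mention.

```sql
-- Added example, not from the original transcript.
-- Run as a user with the SYSKM or ADMINISTER KEY MANAGEMENT privilege.
-- "placeholder_keystore_password" is a placeholder, not a value from the page.

-- 1. Derive an auto-login keystore (cwallet.sso) from the password keystore
--    (ewallet.p12) in the directory set by ENCRYPTION_WALLET_LOCATION.
ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE
  FROM KEYSTORE '/u01/app/orcl/admin/PRF8SPE/TDE'
  IDENTIFIED BY "placeholder_keystore_password";

-- Alternative: a LOCAL auto-login keystore can only be opened on the host
-- where it was created, so a cwallet.sso copied together with the data files
-- does not open the keys on another machine.
-- ADMINISTER KEY MANAGEMENT CREATE LOCAL AUTO_LOGIN KEYSTORE
--   FROM KEYSTORE '/u01/app/orcl/admin/PRF8SPE/TDE'
--   IDENTIFIED BY "placeholder_keystore_password";

-- 2. Confirm that ewallet.p12 and cwallet.sso exist and that only the
--    Oracle software owner can read them.
!ls -l /u01/app/orcl/admin/PRF8SPE/TDE

-- 3. After the next restart, STATUS should be OPEN and WALLET_TYPE should be
--    AUTOLOGIN (or LOCAL_AUTOLOGIN) instead of PASSWORD.
SELECT wrl_parameter, status, wallet_type
  FROM v$encryption_wallet;

-- 4. List the tablespaces that are still unencrypted, to review whether any
--    of them hold application data.
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE encrypted = 'NO'
 ORDER BY tablespace_name;
```

Keep the password-protected ewallet.p12 backed up separately from the database backups: the auto-login file is derived from it and cannot be used for key management operations such as rekeying.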
NAME
---------
PRF8SPE
NAME ENCRYPT
------------------------------ -------
TS_APPSPE AES256
TS_ORGSPE AES256
TS_DEPSPE AES256
TS_ECSPE AES256
TS_CFSPE AES256
TS_XNGSPE AES256
TS_CREGSPE AES256
7 rows selected.