
Working with the keystore (wallet) in 12c:

Note: even when Database Vault (DBV) is in place, creating the wallet is not
affected. The only things affected are moving tables protected by realms to
encrypted tablespaces, or altering tables protected by realms to use
column-level encryption.

1. Set the keystore (wallet) location in sqlnet.ora

ENCRYPTION_WALLET_LOCATION=
  (SOURCE=
    (METHOD=FILE)
    (METHOD_DATA=
      (DIRECTORY=/u01/app/oracle/wallet)
    )
  )

DIRECTORY can instead point to an ASM diskgroup, e.g. +DATA/TESTDB/WALLET (make
sure to create the wallet directory in ASM first). On RAC, copy sqlnet.ora to
the second node.

2. Create the keystore (wallet)

-- the path can also point to an ASM diskgroup
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/wallet' IDENTIFIED BY
oracle123;

3. Open the keystore (wallet)

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY oracle123;

4. Create the master key in the keystore


ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY oracle123 WITH BACKUP;

5. Close the keystore (wallet)

ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY oracle123;

6. change keystore to autologin


ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE
'/u01/app/oracle/wallet' IDENTIFIED BY oracle123;

important views
v$encryption_wallet
v$encryption_keys

7. Create an encrypted tablespace:

CREATE TABLESPACE TEST_ENCRY datafile
'/home/oracle/app/oracle/oradata/cdb1/testencry.dbf' size 2G ENCRYPTION USING
'AES256' DEFAULT STORAGE(ENCRYPT);

create table emp_ency(
  empno Number(3),
  Name varchar(10)
) tablespace TEST_ENCRY;

8. Create an encrypted column:

SQL> CREATE TABLE employee (
       first_name VARCHAR2(128),
       last_name VARCHAR2(128),
       empID NUMBER,
       salary NUMBER(6) ENCRYPT
     );

dba_tablespaces
dba_encrypted_columns

Use an OS command to search for readable characters in an Oracle datafile (use the full file name):
strings -a /u01/app/oracle/oradata/orcl/test_tbs01.dbf | grep tareq
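
The same check as a reusable script, as an added example that is not part of the original notes: it scans one or more datafiles for a known plaintext marker and returns a non-zero status if any file still exposes it. The function names and the sample files are assumptions made for the illustration; the sample files are constructed stand-ins, not real Oracle datafiles.

```shell
#!/bin/sh
# Added example (not from the original notes): scan datafiles for a plaintext marker.
# check_datafiles exit status: 0 = marker absent, 1 = marker found, 2 = bad input.

# Print how many printable strings in file $2 contain the literal marker $1.
marker_hits() {
    # -a: scan the whole file; -n 1: drop the 4-character minimum so short
    # markers are not silently missed; grep -F: match the marker literally.
    # grep -c exits 1 on a zero count, so "|| true" keeps this safe under set -e.
    strings -a -n 1 "$2" | grep -c -F -- "$1" || true
}

check_datafiles() {
    [ $# -ge 2 ] && [ -n "$1" ] || { echo "usage: check_datafiles MARKER FILE..." >&2; return 2; }
    marker=$1; shift
    status=0
    for f in "$@"; do
        # An unreadable file must not be reported as clean.
        [ -r "$f" ] || { echo "UNREADABLE $f" >&2; return 2; }
        hits=$(marker_hits "$marker" "$f")
        if [ "$hits" -gt 0 ]; then
            echo "PLAINTEXT  $f ($hits matching strings)"
            status=1
        else
            echo "clean      $f"
        fi
    done
    return "$status"
}

# Constructed sample files standing in for datafiles (not real Oracle blocks):
# one holds the marker between binary bytes, the other only non-printable bytes.
demo_dir=$(mktemp -d)
printf '\000\002xxtareqyy\000\377' > "$demo_dir/plain.dbf"
printf '\000\002\221\223\000\377'  > "$demo_dir/enc.dbf"
check_datafiles tareq "$demo_dir/plain.dbf" "$demo_dir/enc.dbf" || echo "exit status: $?"
rm -rf "$demo_dir"
```

Run the check after a checkpoint (ALTER SYSTEM CHECKPOINT), since rows inserted a moment ago may still be in the buffer cache and not yet in the datafile.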

https://community.toadworld.com/platforms/oracle/w/wiki/11140.oracle-database-12c-transparent-data-encryption-tde-and-the-world-of-multitenant-database
