Oracle Advanced Transparent Data Encryption (TDE)

https://docs.oracle.com/cd/E11882_01/network.112/e40393/asotrans.htm#ASOAG10143

ENCRYPTION_WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=/u01/app/oracle/admin/DEVDB/wallet)))

cd /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin
cp sqlnet.ora_wallet sqlnet.ora

--set password based keystore
12c: ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/DEVDB/wallet' IDENTIFIED BY Welcome2020;
11g: ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY Welcome2020;

COL wrl_type FORMAT a12
COL wrl_parameter FORMAT a35
COL status FORMAT a15
select * from v$encryption_wallet;

--set auto login keystore
12c: ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE 'C:\app\AkPC\admin\tdewallet\orcl' IDENTIFIED BY Welcome2020;
11g: orapki wallet create -wallet $ORACLE_BASE/admin/DEVDB/wallet -auto_login -pwd Welcome2020

--open the keystore
12c: ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY Welcome2020;
11g: ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "Welcome2020";


--set master key / backup
12c: ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY Welcome2020 with backup;
11g: orapki wallet export/backup


--Set database master key
12c: ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY Welcome2020 with backup;
11g: ALTER SYSTEM SET ENCRYPTION KEY “New Key" IDENTIFIED BY “Old Key";

CREATE TABLESPACE encrypted_ts
DATAFILE '/u01/app/oracle/oradata/DEVDB/encrypted_ts.dbf' SIZE 128K
AUTOEXTEND ON NEXT 64K
ENCRYPTION USING 'AES256'
DEFAULT STORAGE(ENCRYPT);

CREATE TABLESPACE unencrypted_ts
DATAFILE '/u01/app/oracle/oradata/DEVDB/unencrypted_ts.dbf' SIZE 128K
AUTOEXTEND ON NEXT 64K;

SELECT tablespace_name, encrypted FROM dba_tablespaces;

CREATE TABLE TEST_ENC (TEXT VARCHAR2(100)) TABLESPACE encrypted_ts;
CREATE TABLE TEST_UNENC (TEXT VARCHAR2(100)) TABLESPACE unencrypted_ts;

insert into TEST_ENC values ('This is encrypted');
insert into TEST_UNENC values ('This is not encrypted');

create user test1 identified by test1;
grant dba to test1;

conn test1/test1

CREATE TABLE TEST1 (NO NUMBER(2), TEXT VARCHAR2(100)) TABLESPACE unencrypted_ts;
insert into TEST1 values (1, 'This is not encrypted');
commit;

ALTER TABLE TEST1 MODIFY (TEXT ENCRYPT USING 'AES256');

CREATE TABLE TEST2 (NO NUMBER(2), TEXT VARCHAR2(100) ENCRYPT USING 'AES256') TABLESPACE unencrypted_ts;
insert into TEST2 values (1, 'This is not encrypted');
commit;

ALTER SYSTEM FLUSH BUFFER_CACHE;

create user test2 identified by test2;
grant dba to test2;

conn test2/test2


SELECT * FROM DBA_ENCRYPTED_COLUMNS;


#TDE #TransparentDataEncryption #TSEncryption #ColumnEncryption #Encryption #11g #12c #Wallet #Oracle #RAC #Database #Exadata

Please do follow me and support me on,

LinkedIn: https://www.linkedin.com/in/mallik034
YouTube: https://www.youtube.com/c/mallik034
Fakebook: https://www.facebook.com/mallik034
Blog: https://mallik034.blogspot.com
twitter: https://twitter.com/mallik034
Instagram: https://www.instagram.com/mallik034
FBPage: https://www.facebook.com/mallik034oracledba
Skype: malluramadurg


Regards,
Mallikarjun Ramadurg
Mobile: +91 9880616848
WhatsApp: +91 9880616848
Email: [email protected]
LinkedIn: https://www.linkedin.com/in/mallik034
YouTube: https://www.youtube.com/c/mallik034
Fakebook: https://www.facebook.com/mallik034
Blog: https://mallik034.blogspot.com
twitter: https://twitter.com/mallik034
Instagram: https://www.instagram.com/mallik034
FBPage: https://www.facebook.com/mallik034oracledba
Skype: malluramadurg