How to Setup the Oracle Wallet for Encryption Functions
Posted at Sunday, February 10, 2008
Oracle has a variety of encryption features, most of which leverage the Oracle Wallet. Here are the steps to setup the wallet on an 11g database (most apply to 10g as well):
Step 1: Configure Networking
Add the following entry to your $TNS_ADMIN/sqlnet.ora changing the directory to a path relevant to your installation.
Step 2: Create the wallet via your preferred method (I use Oracle Wallet Manager)
Launch the Oracle Wallet Manager:
Here are the screenshots for this step:
Create a new wallet
Enter the password
Specify the location
Set as an Auto-login wallet and save
Should yield the following files:
Step 3 Create Master Key for TDE:
Note that the Oracle wallet manager does not create this master key. The above is the appropriate method for doing so.
Step 4 Verify wallet is open
You should see that the size of the auto-login and encryption wallet have changed (since the master key has been added):
If the wallet is not open:
At this point, you should be able to transparently encrypt tablespaces, columns, LOBS, etc.
Frequently asked questions about TDE: 10g
11g Tablespace Encryption: Three easy steps
Step 1: Configure Networking
Add the following entry to your $TNS_ADMIN/sqlnet.ora changing the directory to a path relevant to your installation.
[/u03/app/oracle/product/db/11.1.0.6/network/admin nf@rac2]$ cd $TNS_ADMIN
[/u03/app/oracle/product/db/11.1.0.6/network/admin nf@rac2]$ more sqlnet.ora
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/u03/app/oracle/oradata/nf/wallet)))
Step 2: Create the wallet via your preferred method (I use Oracle Wallet Manager)
Launch the Oracle Wallet Manager:
[/u03/app/oracle/product/db/11.1.0.6/bin nf@rac2]$ export DISPLAY=192.168.1.104:0.0
[/u03/app/oracle/product/db/11.1.0.6/bin nf@rac2]$ ./owm
Here are the screenshots for this step:
Create a new wallet
Enter the password
Specify the location
Set as an Auto-login wallet and save
Should yield the following files:
[/u03/app/oracle/product/db/11.1.0.6/bin nf@rac2]$ ls -lart /u03/app/oracle/oradata/nf/wallet
total 24
drwxr-x--- 6 oracle dba 4096 Feb 11 00:56 ..
-rw------- 1 oracle dba 7312 Feb 11 00:56 ewallet.p12
drwx------ 2 oracle dba 4096 Feb 11 00:56 .
-rw------- 1 oracle dba 7340 Feb 11 00:56 cwallet.sso
Step 3 Create Master Key for TDE:
SQL> alter system set encryption key identified by "password";
System altered.
Note that the Oracle wallet manager does not create this master key. The above is the appropriate method for doing so.
Step 4 Verify wallet is open
SQL> col wrl_parameter format a40
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS
-------------------- ---------------------------------------- ---------
file /u03/app/oracle/oradata/nf/wallet OPEN
You should see that the size of the auto-login and encryption wallet have changed (since the master key has been added):
[/u03/app/oracle/oradata/nf/wallet nf@rac2]$ ls -alrt /u03/app/oracle/oradata/nf/wallet
total 32
drwxr-x--- 6 oracle dba 4096 Feb 11 00:56 ..
drwx------ 2 oracle dba 4096 Feb 11 00:56 .
-rw------- 1 oracle dba 8453 Feb 11 01:24 ewallet.p12
-rw------- 1 oracle dba 8481 Feb 11 01:24 cwallet.sso
If the wallet is not open:
SQL> alter system set encryption wallet open identified by "password";
System altered.
At this point, you should be able to transparently encrypt tablespaces, columns, LOBS, etc.
Frequently asked questions about TDE: 10g
11g Tablespace Encryption: Three easy steps
_507.png)
Subscribe
