Monday, July 11, 2016
Tablespace Encryption in Oracle 11g
Tablespace encryption helps us to secure the complete contents of one Tablespace instead of encrypt column by column. This method is one of Oracle Transparent Data Encryption (TDE) feature.
TDE is a part of the Oracle Advanced Security Option which also includes Strong Authentication and Network encryption. It is only avaible in the Enterprise Edtion of the database as extra cost option.
We must complete three steps to encrypt our data.
1. Create a Wallet
Berfore we can create a encrypted tablespace we must first create a Oracle Wallet which holds the encryption key. The database read the
sqlnet.ora File to find the wallet. If no entry is present in the sqlnet.ora File the database trys to find the Wallet under
$ORACLE_HOME/admin/$ORACLE_SID/wallet.
2. Create a Tablespace
CREATE TABLESPACE lobts3
DATAFILE '/u01/app/oracle/oradata/orcl/lobtbs3.dbf' SIZE 20M
AUTOEXTEND ON NEXT 64K
ENCRYPTION USING 'AES256'
DEFAULT STORAGE(ENCRYPT);
3. Test the encryption
To check the encrypted tablesapce
select * from dba_tablespaces where encrypted='YES'
select a.name, b.TS#, b.ENCRYPTEDTS, b.ENCRYPTIONALG
from V$TABLESPACE A, V$ENCRYPTED_TABLESPACES B
where A.ts# = B.ts#;
reference: https://petesdbablog.wordpress.com/2013/04/20/tablespace-encryption-in-oracle-11g/
http://dbaworkshop.blogspot.co.id/2014/06/How-to-encrypt-the-data-tablespace-or-columns-table-using-a-software-keystore-previously-known-as-Oracle-Wallet.html
Subscribe to:
Posts (Atom)