Transparent Data Encryption DEMO Transparent Data Encryption
Demo For TDE Column Encryption (Oracle 10g, 11g) TableSpace Encrytion (Oracle 11g)
Column Encryption Create a Wallet: Open sqlnet.ora file in: …\product\11.2.0\dbhome_1\NETWORK\A DMIN Add to sqlnet.ora file this code: ENCRYPTION_WALLET_LOCATION = (SOURCE= (METHOD=file) (METHOD_DATA= (DIRECTORY=C:\oracle\product\10.2.0\db_1\NE TWORK\ADMIN\tde_wallet)))
SQLNET.ORA
Edit File sqlnet.ora
Create A Master Key Create a Master Key: Run script in isqlplus: alter system set encryption key authenticated by "ImOracle"; This command creates a wallet at the location defined in the sqlnet.ora, sets the password for it. A Master Key will be automatically generated by TDE and store in wallet secured by password. This Master Key is used by TDE to encrypt column key of each table.
Set PassWord To Wallet
TDE In Oracle 11g In Oracle 11g, after login as DBAs, in tab server, you can click to link Transparent Data Encryption to view wallet status:
TDE In Oracle 11g
Wallet Status
Wallet Manager You can use Wallet Manager to manage Oracle Wallet.
Open Wallet Manager
Wallet Manger
Wallet Manager Set Autologin to Wallet: You can set auto login to Wallet (after creating password for it) to Oracle open wallet automatically when starting. You must use Wallet Management to do this.
Set Auto Login To Wallet
Column Encryption Create tablespace for encrypted tables: CREATE TABLESPACE ts_tde DATAFILE 'C:\ts_tde.dbf' SIZE 20m autoextend ON NEXT 5m Extent management local segment space management auto; CREATE USER tde_test identified by test default tablespace ts_tde quota unlimited on ts_tde; GRANT connect,resource to tde_test; Go to folder specified, you will see created table space
Column Encryption
Column Encryption Create an unencrypted table and insert data: CREATE TABLE tde_test ( id NUMBER(10), data VARCHAR2(50) )TABLESPACE ts_tde; INSERT INTO tde_test (id, data) VALUES (1, 'This is a secret!'); COMMIT;
Column Encryption Open ts_tde.dbf with notepad and search data
Search Data In Clear Text Form
Search Data In Clear Text Form It can be seen that the sensitive data is written in the data files as clear text. Since the data is in clear text format in the datafile so it is in the archived redo log files, backup sets etc. Any one who has access to your backup tapes can easily steal your backups, restore it somewhere and see all of your data.
Search Data In Clear Text Form
Create An Encrypted Table Create an encrypted table and insert data: CREATE TABLE tde_test ( id NUMBER(10), data VARCHAR2(50) ENCRYPT )TABLESPACE ts_tde; INSERT INTO tde_test (id, data) VALUES (1, 'This is a secret!'); You can use select command to view what columns encrypted: SELECT table_name, column_name, encryption_alg, salt from user_encrypted_columns;
View Encrypted Columns
View Encrypted Data You can’t also search data in clear text:
Tablespace Encryption Create wallet, set password to wallet like in column encryption. After openning wallet, we create an encrypted tablespace: CREATE TABLESPACE secure_space DATAFILE 'c:/secure_space.dbf' SIZE 150M ENCRYPTION USING '3DES168' DEFAULT STORAGE(ENCRYPT); Algorithm used: '3DES168’
Create an Encrypted Tablespace
Tablespace Encryption Create another encrypted tablespace: CREATE TABLESPACE secure_space3 DATAFILE 'c:/secure_space3.dbf' SIZE 150M ENCRYPTION DEFAULT STORAGE(ENCRYPT); Default encryption algorithm is: AES128
Create an Encrypted Tablespace
Thanks For Your Attention