[Oracle] transparent data encryption technology-TDE

[Oracle] Transparent Data Encryption technology-TDE the full name of Oracle TDE is Transparent Data Encryption. It supports column-based Encryption from 10gr2 and table space-based Encryption from 11 GB. It is transparent to applications and easy to manage without application settings, but it also has the following restrictions: -You can only use B-Tree indexes-encrypted columns and cannot perform rang scan on the indexes. -External Object-transfer tablespace-exp/imp operation TDE-column-based encryption due to Oracle TDE-column-based encryption, all you have to do is define the columns to be encrypted. Oracle will create a private security encryption key for the tables containing the encrypted columns, then, use the encryption algorithm you specified to encrypt the plaintext data of the specified column. TDE supports the following encryption algorithms: 3DES168 AES128 AES192 AES256: 1) ensure that the database compatible version is higher than 10gr2 [SQL] SQL> show parameter compatible NAME TYPE VALUE =------------------------------------ compatible string 11.2.0.0.0 2) to set the wallet location (in sqlnet. the following content is written to the ora file and takes effect only after the database is restarted.): [plain] ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY = C: \ app \ xianzhu \ product \ 11.2.0 \ walle (T) 3) create key [SQL] SQL> alter system set encryption key authenticated by "myPassword" in the wallet. The system has changed. The above command will generate wallet 4) in the corresponding directory to create a table and encrypt a column in it [SQL] SQL> create table tde_private (2 id number (10) primary key, 3 info varchar2 (50) encrypt using 'aes192' 4); the table has been created. SQL> set line 200 SQL> select * from dba_encrypted_columns; OWNER TABLE_NAME COLUMN_NAME ENCRYPTION_ALG SAL INTEGRITY_AL ---------------- encrypt partition --- ------------ TEST TDE_PRIVATE info aes 192 bits key YES SHA-1 SQL> insert into tde_private values (1, 'this is private info '); one row has been created. SQL> commit; submitted completely. 5) If you disable wallet, you cannot access the encrypted data: [SQL] SQL> alter system set wallet close identified by "myPassword"; the system has changed. SQL> select * from tde_private; select * from tde_private * row 1st error: ORA-28365: Wallet not open 6) Reopen wallet to access encrypted data: [SQL] SQL> alter system set wallet open identified by "myPassword"; the system has changed. SQL> select * from tde_private; ID INFO ---------- ---------------------------------------------- 1 This is private info TDE-tablespace-based encryption This is a new feature launched by Oracle 11g, which encrypts the entire tablespace. The following statement creates an encrypted tablespace: [SQL] SQL> create tablespace encrypted_ts encryption using 'aes256 'default storage (encrypt); The tablespace has been created. SQL> select tablespace_name, encrypted from dba_tablespaces where tablespace_name = 'encrypted_ts '; TABLESPACE_NAME ENC -------------------------- --- ENCRYPTED_TS YES ENCRYPTED field V. s. encrypted tablespace encryption is implemented when data is stored, that is, the data stored in the file has been encrypted. Field encryption occurs at the SQL layer, SQL calls an algorithm to encrypt data. The data encrypted in the tablespace will no longer receive field encryption restrictions, such as:-field type-index type-no salt common index encryption tablespace restrictions-External large objects (bfiles) no.-exp/imp is not supported. You need to use expdp/impdp.