TDE column encryption of database security

Source: Internet
Author: User

Transparent Data Encryption (TDE)

TDE column-based encryption

With Oracle's TDE column-based encryption, you only define which columns need to be encrypted. Oracle creates a private encryption key for the table that contains the encrypted columns, and then encrypts the plaintext data in those columns with the encryption algorithm that you specify. No special code is required: once a column is marked as encrypted, the database transparently encrypts the data when a user inserts a row, and stores the encrypted data. When a user reads the data, the database decrypts it automatically, so the application does not need any code changes.

1. Ensure that the database compatibility version is higher than 10g

SQL> show parameter compatible

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
compatible                           string      11.2.0

2. Set the wallet location by specifying the ENCRYPTION_WALLET_LOCATION parameter in the sqlnet.ora file (the database must be restarted for the change to take effect):

$ cat sqlnet.ora

#SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH = (TNSNAMES)
ENCRYPTION_WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /home/oracle/wallet)))

3) Create the wallet directory at the path given in DIRECTORY. Otherwise the following error is reported: ORA-28368: cannot auto-create wallet

$ mkdir wallet
$ cd wallet
$ pwd
/home/oracle/wallet

4) Create the key in the wallet

SQL> alter system set encryption key authenticated by "Andy";

System altered.

5) Create a table with one encrypted column

SQL> create table andy.andy_tde (
       id      number(10) primary key,
       col_tde varchar2(50) encrypt using 'AES192'  -- column length is missing in the source; 50 is a placeholder
     );

Table created.

Note: TDE supports the following encryption algorithms:

3DES168, AES128, AES192 (default), AES256

SQL> set linesize 300
SQL> select * from dba_encrypted_columns;

OWNER                          TABLE_NAME                     COLUMN_NAME                    ENCRYPTION_ALG
------------------------------ ------------------------------ ------------------------------ ------------------
ANDY                           ANDY_TDE                       COL_TDE                        AES 192 bits key

SQL> insert into andy_tde values (1, 'TDE');

1 row created.

SQL> commit;

Commit complete.

SQL> select * from andy_tde;

        ID COL_TDE
---------- ---------------------------------
         1 TDE

6) If the wallet is closed, the encrypted data cannot be accessed:

SQL> alter system set wallet close identified by "Andy";

System altered.

SQL> select * from andy_tde;
select * from andy_tde
              *
ERROR at line 1:
ORA-28365: wallet is not open

7) Re-open the wallet to access the encrypted data

SQL> alter system set wallet open identified by "Andy";

System altered.

SQL> select * from andy_tde;

        ID COL_TDE
---------- ----------------------------
         1 TDE
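
A pre-flight check for steps 2 and 3, added here as an example and not part of the original article: it reads the DIRECTORY out of ENCRYPTION_WALLET_LOCATION in sqlnet.ora text and reports whether that directory exists before the key is created in step 4. The function names, the sample text and the owner-only permission check are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Constructed sample in the layout of the sqlnet.ora from step 2; %s is the wallet path.
SAMPLE = """#SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH = (TNSNAMES)
ENCRYPTION_WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = %s)))
"""

def wallet_directory(sqlnet_text):
    """Return DIRECTORY from ENCRYPTION_WALLET_LOCATION, or None if absent or malformed."""
    # Drop comment lines and whitespace (the value spans lines; paths with spaces unsupported).
    flat = re.sub(r"\s+", "", re.sub(r"(?m)^\s*#.*$", "", sqlnet_text))
    m = re.search(r"ENCRYPTION_WALLET_LOCATION=(?=\()", flat, re.I)
    depth, start = 0, m.end() if m else len(flat)
    for i in range(start, len(flat)):  # walk this parameter's balanced parentheses only
        depth += {"(": 1, ")": -1}.get(flat[i], 0)
        if depth == 0:
            d = re.search(r"\(DIRECTORY=([^()]+)\)", flat[start:i + 1], re.I)
            return d.group(1) if d else None
    return None

def preflight(sqlnet_text):
    """Return findings; an empty list means the wallet directory is ready for step 4."""
    path = wallet_directory(sqlnet_text)
    if path is None:
        return ["no ENCRYPTION_WALLET_LOCATION DIRECTORY entry found"]
    if not os.path.isdir(path):
        return ["%s is missing: creating the key fails with ORA-28368" % path]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption (hardening, not from the page): only the owner should reach the wallet.
    return ["%s is mode %o, want 700" % (path, mode)] if mode & 0o077 else []

def demo():
    """Check a constructed config: directory missing, then owner-only, then too open."""
    with tempfile.TemporaryDirectory() as base:
        wallet = os.path.join(base, "wallet")
        results = [preflight(SAMPLE % wallet)]
        os.mkdir(wallet)
        for mode in (0o700, 0o755):
            os.chmod(wallet, mode)
            results.append(preflight(SAMPLE % wallet))
    return results

if __name__ == "__main__":
    print(demo())
```

To check a real installation, pass the contents of its sqlnet.ora to preflight() as the operating system user that runs the database.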
