For the principles behind data encryption, see "[Data Security] Talking About the Mathematical Principles of Cryptography": http://blog.csdn.net/u010415792/article/details/9007931. This post covers how to apply encryption in practice. Before looking at the specific implementation, you should first understand the principles of public-key cryptography, so that you know not only how it works but also why.
Oracle TDE stands for Transparent Data Encryption. It has supported column-based encryption since 10gR2 and tablespace-based encryption since 11g. Its advantages are that it is transparent to the application and easy to manage, with no application changes required, but it has the following limitations:
– Only B-tree indexes can be used
– Range scans cannot be performed on an index over an encrypted column
– External objects
– Transportable tablespaces
– exp/imp operations
TDE column-based encryption
With Oracle TDE column-based encryption, all you have to do is define the columns that need to be encrypted. Oracle creates a private encryption key for the table that contains the encrypted columns, and then encrypts the plaintext data of the specified columns with the encryption algorithm you specify.
The encryption algorithms supported by TDE are:
3DES168, AES128, AES192, AES256
Let's look at a specific example:
1. Make sure the database compatible version is 10gR2 or higher
SQL> show parameter compatible
NAME        TYPE    VALUE
----------- ------- ------------------------------
compatible  string  11.2.0.0.0
2. Set the wallet location (add the following to the sqlnet.ora file; the database must be restarted for it to take effect):
ENCRYPTION_WALLET_LOCATION =
  (SOURCE=
    (METHOD=FILE)
    (METHOD_DATA=
      (DIRECTORY=c:\app\xianzhu\product\11.2.0\wallet)))
3. Create the key inside the wallet
SQL> alter system set encryption key authenticated by "MyPassword";
System altered.
The above command generates the wallet in the corresponding directory.
4. Create a table with one of its columns encrypted
SQL> create table tde_private (
  2  id number(x) primary key,
  3  info varchar2(m) encrypt using 'AES192'
  4  );
Table created.
SQL> set line
SQL> select * from dba_encrypted_columns;
OWNER  TABLE_NAME   COLUMN_NAME  ENCRYPTION_ALG    SAL  INTEGRITY_AL
-----  -----------  -----------  ----------------  ---  ------------
TEST   TDE_PRIVATE  INFO         AES 192 bits key  YES  SHA-1
SQL> insert into tde_private values (1, 'This is private info');
1 row created.
SQL> commit;
Commit complete.
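To check what steps 1 to 4 actually achieved, the following SQL*Plus script is an added example, not part of the original post. It reuses the post's tde_private table and "MyPassword" wallet password; the index name tde_private_info_idx is hypothetical, and the wallet CLOSE syntax with a password assumes 11.2 with a password-based (not auto-login) wallet.

```sql
-- Added example. Run in SQL*Plus as a user with ALTER SYSTEM privilege
-- and access to the tde_private table created in step 4.

-- 1. Wallet state: confirm the location from sqlnet.ora was picked up
--    and that the wallet is open after step 3.
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- 2. Dictionary check: which columns are encrypted, with which
--    algorithm, and whether salt is applied.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE table_name = 'TDE_PRIVATE';

-- 3. With the wallet open, the application sees plaintext.
SELECT id, info FROM tde_private;

-- 4. Close the wallet to confirm the column really depends on the key.
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "MyPassword";

-- The unencrypted ID column is still readable...
SELECT id FROM tde_private;

-- ...but any statement touching the encrypted INFO column is refused
-- with a wallet-not-open error until the wallet is reopened.
SELECT id, info FROM tde_private;

ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "MyPassword";

-- 5. Index limitation: the column was created with the default salt
--    (SAL = YES above), and a salted column cannot be indexed.
--    Removing the salt allows a B-tree index, at the cost that equal
--    plaintext values then produce equal ciphertext.
ALTER TABLE tde_private MODIFY (info ENCRYPT NO SALT);
CREATE INDEX tde_private_info_idx ON tde_private (info);

-- Re-check the dictionary: SALT should now read NO for INFO.
SELECT column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE table_name = 'TDE_PRIVATE';
```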