Oracle Database Transparent Data Encryption (TDE)

Source: Internet
Author: User
Tags oracle database

For the principles of data encryption, see "[Data Security] The mathematical principles of cryptography" at http://blog.csdn.net/u010415792/article/details/9007931. Before looking at a concrete implementation of encryption, first understand the principle of public-key cryptography, so that you know not only how it works but also why.

TDE stands for Transparent Data Encryption. Oracle has supported column-based encryption since 10gR2 and tablespace-based encryption since 11g. Its advantages are that it is transparent to the application and easy to manage, with no application changes required, but it has the following limitations:

– Only B-tree indexes can be used

– Range scans cannot be performed on an index over an encrypted column

– External objects

– Transportable tablespaces

– exp/imp operations

TDE: column-based encryption

With column-based TDE, all you have to do is define the columns that need to be encrypted. Oracle creates a private encryption key for each table that contains encrypted columns, and then encrypts the plaintext data in the specified columns with the encryption algorithm you specify.

The encryption algorithms supported by TDE are:

3DES168, AES128, AES192, AES256

Let's look at a specific example:

1. Make sure the database compatible version is higher than 10gR2

SQL> show parameter compatible

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
compatible                           string      11.2.0.0.0

2. Set the wallet location (add the following to the sqlnet.ora file; the database must be restarted for it to take effect):

ENCRYPTION_WALLET_LOCATION =
 (SOURCE=
   (METHOD=FILE)
     (METHOD_DATA=
       (DIRECTORY=c:\app\xianzhu\product\11.2.0\wallet)))

3. Create the key in the wallet

SQL> alter system set encryption key authenticated by "MyPassword";

System altered.

The command above generates the wallet in the corresponding directory.

4. Create a table with one encrypted column

SQL> create table tde_private (
  2  id number(x) primary key,
  3  info varchar2(m) encrypt using 'AES192'
  4  );

Table created.

SQL> set line
SQL> select * from dba_encrypted_columns;

OWNER  TABLE_NAME   COLUMN_NAME  ENCRYPTION_ALG    SAL INTEGRITY_AL
------ ------------ ------------ ----------------- --- ------------
TEST   TDE_PRIVATE  INFO         AES 192 bits key  YES SHA-1

SQL> insert into tde_private values (1, 'This is private info');

1 row created.

SQL> commit;

Commit complete.
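
A follow-up check, added here as an example and not part of the original article: it confirms the wallet state and shows that the encrypted column cannot be read while the wallet is closed. It assumes the TDE_PRIVATE table and the wallet password "MyPassword" from the steps above, an 11g Release 2 database, and a session allowed to run ALTER SYSTEM.

```sql
-- Added example; assumes the table and wallet created in steps 1-4 above.

-- 1. Confirm where the wallet lives and that it is currently open.
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- 2. Confirm which columns are encrypted, with which algorithm and salt setting.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE table_name = 'TDE_PRIVATE';

-- 3. Close the wallet so the master key is no longer available to the instance.
--    (11gR2 syntax; the password is the one used when the key was created.)
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "MyPassword";

-- 4. The unencrypted column is still readable...
SELECT id FROM tde_private;

--    ...but touching the encrypted column should now fail with
--    ORA-28365 (wallet is not open), because the table key cannot be
--    decrypted without the master key held in the wallet.
SELECT info FROM tde_private;

-- 5. Reopen the wallet to restore access, then re-check its status.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "MyPassword";

SELECT status FROM v$encryption_wallet;
SELECT * FROM tde_private;
```

Because the data is only as protected as the wallet, the wallet directory and its password belong in a location and backup set separate from the data files.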
