/*
Author: ch
Date: 2015
Theme: Oracle TDE test
*/
I. Transparent Data Encryption (TDE)
References:
http://www.oracle.com/technetwork/cn/tutorials/tde-096772-zhs.html#t3
http://www.eygle.com/archives/2011/09/oracle_transparent_data_encryption.html
http://blog.itpub.net/17203031/viewspace-681825/
Effect: protects the data from being read by others if the storage media is lost. While the wallet is open, SQL queries are essentially unrestricted.
II. Operation
Tested on 192.168.8.126 (ORACLE_SID=DB); log on to the host as the oracle user.
# su - oracle
1. Edit sqlnet.ora to set where the encryption wallet is stored
# cd /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/
# vim sqlnet.ora
/*
ENCRYPTION_WALLET_LOCATION=
  (SOURCE=(METHOD=FILE)(METHOD_DATA=
    (DIRECTORY=/u01/app/oracle/product/11.2.0/dbhome_1)))
-- the DIRECTORY value is the wallet path
*/
2. Open the wallet and create the master key
# sqlplus
(1) You must be logged in as a DBA.
(2) Open the wallet and set the key. There are two options: a general key, or the wallet itself.
-- general (master) key; SET ENCRYPTION KEY also creates and opens the wallet if it does not exist yet
SQL> alter system set encryption key identified by "test123456";
-- wallet key (not used here)
SQL> alter system set encryption wallet open identified by "test123456";
After the wallet is open and the key is set, the basic setup is complete.
-- close the wallet
SQL> alter system set encryption wallet close identified by "test123456";
Encrypted wallet file path: the DIRECTORY configured in step 1.
3. Confirm that transparent data encryption is enabled; it normally is.
If it is not enabled, you can enable it in EM (Enterprise Manager).
4. Encrypt columns in a table
-- encrypt value1 (the 126 host has a table with a few rows)
CREATE TABLE test2
(
  id     INT    ENCRYPT NO SALT,   -- NO SALT so the column can be indexed
  value1 NUMBER ENCRYPT,           -- default SALT
  value2 INT
);
CREATE INDEX idx1_test2 ON test2 (id);
-- if the wallet is closed, queries on encrypted columns fail
SQL> alter system set encryption wallet close identified by "test123456";
SELECT value1 FROM test2;
SELECT * FROM test2;
ORA-28365: wallet not open
5. Tablespaces can also be encrypted.
6. Viewing the transparent encryption status:
- DBA_ENCRYPTED_COLUMNS: records all encrypted columns;
- ALL_ENCRYPTED_COLUMNS: records all encrypted columns the current user can access;
- USER_ENCRYPTED_COLUMNS: records all encrypted columns in the current user's schema;
7. Removing encryption is managed in EM.
8. The SALT parameter
(1) There are two options when encrypting a column: SALT and NO SALT.
With SALT, a random string is added to the data before encryption to make cracking harder, so the same plaintext produces different ciphertext each time. With NO SALT, the same plaintext always produces the same ciphertext, which is comparatively less secure.
(2) An encrypted column that uses SALT cannot be indexed: salted encryption and indexing are mutually exclusive and cannot be set at the same time.
(3) SALT is the default.
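The following SQL is an added example, not part of the original note. It runs steps 3, 4, 6 and 8 above end to end in one session: checks the wallet state from SQL*Plus instead of EM, creates a table that mixes a NO SALT indexed column with a default SALT column, shows the index restriction from point (2), reads the dictionary view from step 6 and reproduces the ORA-28365 error from step 4. It assumes the wallet password "test123456" and the sqlnet.ora wallet location from step 1; the table, index and column names are made up, and the inserted values are constructed test data.

```sql
-- Added example (not from the original note). Assumes the wallet password
-- "test123456" from step 2; test_tde / idx_test_tde_id are made-up names.

-- Step 3 without EM: STATUS is OPEN, CLOSED or NOT_AVAILABLE
SELECT wrl_type, wrl_parameter, status FROM v$encryption_wallet;

-- Open the wallet if it is closed (the master key was created in step 2)
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "test123456";

-- Lookup column with NO SALT so it can be indexed; sensitive value with default SALT
CREATE TABLE test_tde (
  id     NUMBER       ENCRYPT NO SALT,
  secret VARCHAR2(64) ENCRYPT,           -- default: SALT
  amount NUMBER
);
CREATE INDEX idx_test_tde_id ON test_tde (id);        -- allowed: NO SALT column
-- CREATE INDEX idx_test_tde_secret ON test_tde (secret);
--   would fail: an indexed column cannot be encrypted with SALT (point 8.2)

-- Constructed test rows: identical plaintext in the salted column
INSERT INTO test_tde VALUES (1, 'constructed-secret-value', 10);
INSERT INTO test_tde VALUES (2, 'constructed-secret-value', 20);
COMMIT;

-- Step 6: which columns are encrypted, with which algorithm and salt setting
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE table_name = 'TEST_TDE';

-- Step 4: once the wallet is closed the encrypted columns are unreadable
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "test123456";
SELECT secret FROM test_tde;   -- ORA-28365: wallet not open

-- Reopen and clean up
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "test123456";
DROP TABLE test_tde PURGE;
```

Run it as a DBA in SQL*Plus on the 126 test instance. The SALT column in DBA_ENCRYPTED_COLUMNS is the quickest way to audit whether an indexed encrypted column was created with NO SALT (deterministic ciphertext), which is the trade-off point (1) describes.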
9. Disadvantages of TDE
(1) With TDE, the data values stored in the database files are encrypted. Encrypted column values are generally longer than the original values, so a table is larger with TDE than without it.
(2) TDE encrypts and decrypts automatically: on insert and update the data is encrypted before it is stored in the table, and on select the encrypted column values are decrypted automatically. This adds cost to every data operation.
(3) TDE does not cover the transfer phase: data travels from the DBMS to the application in clear text.