ORACLE Transparent Encryption (TDE)


/*

Author:ch

date:2015

Theme:oracle TDE Test

*/

I. Transparent encryption (TDE, Transparent Data Encryption)

Reference:

http://www.oracle.com/technetwork/cn/tutorials/tde-096772-zhs.html#t3

http://www.eygle.com/archives/2011/09/oracle_transparent_data_encryption.html

http://blog.itpub.net/17203031/viewspace-681825/

Purpose: prevents the data from being read by others if the storage media is lost. While the wallet is open, SQL queries work with virtually no restrictions.

II. Procedure

The test runs on 192.168.8.126 (ORACLE_SID=DB). Log on to the machine as the oracle user.

# su - oracle

1. Edit sqlnet.ora to specify where the encryption files are placed

# cd /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/

# vim sqlnet.ora

/*

# The DIRECTORY value is the path where the encryption files are placed
encryption_wallet_location=
  (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/product/11.2.0/dbhome_1)))

*/

2. Open the wallet and create a key

# sqlplus

(1) You must be logged in as a DBA.

(2) Open the wallet and set the key. There are two options: a "universal" key and a "wallet" key.

--Universal key

SQL> alter system set key identified by "test123456";

--Wallet key (not currently used)

SQL> alter system set wallet open identified by "test123456";

After opening the wallet, set the key; this completes the basic setup.

--Close the wallet

SQL> alter system set encryption wallet close identified by "test123456";

Encrypting files, paths

3. Confirm that transparent data encryption is enabled; it is generally enabled already

If it is not enabled, you can enable it in EM.

4. Encrypt columns in a table

--Encrypt value1 (the table exists on the .126 host with a few rows of data)

CREATE TABLE test2
(
  id     int    ENCRYPT NO SALT,
  value1 number ENCRYPT,
  value2 int
);

CREATE INDEX idx1_test2 ON test2 (id);

--If the wallet is closed, queries against the table fail

SQL> alter system set encryption wallet close identified by "test123456";

SELECT value1 FROM test2;

SELECT * FROM test2;

ORA-28365: wallet is not open

5. A tablespace can also be encrypted

6. View what is currently encrypted:

  • DBA_ENCRYPTED_COLUMNS: records all encrypted columns;

  • ALL_ENCRYPTED_COLUMNS: records all encrypted columns that the current user can access;

  • USER_ENCRYPTED_COLUMNS: records all encrypted columns in the current user's schema.

7. To remove encryption, manage it in EM

8. The SALT parameter

(1) There are two options when encrypting a column: SALT and NO SALT. With SALT, a string is added to the data before encryption, which makes cracking harder and makes the same value encrypt to different results. With NO SALT, the same value always produces the same encrypted output, so its security is relatively lower.

(2) If an encrypted column uses SALT, you cannot create an index on it. Salted encryption and indexing are mutually exclusive and cannot be set on the same column.

(3) SALT is the default.
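
The checks from steps 3, 6 and 8 can also be run from SQL*Plus instead of EM. The script below is an added example, not part of the original notes; it assumes the test2 table from step 4, an open wallet, and a DBA session. The index name idx2_test2 is hypothetical.

```sql
-- Added example. Assumes test2 as created in step 4 and an open wallet.

-- Wallet state: STATUS must be OPEN before encrypted columns can be read
-- (otherwise queries fail with ORA-28365 as shown in step 4).
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- Audit which columns are encrypted and whether each one is salted.
-- For test2 as created above: ID has SALT = NO, VALUE1 has SALT = YES.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE table_name = 'TEST2'
 ORDER BY column_name;

-- VALUE1 uses the default SALT, so this statement is rejected with
-- ORA-28338 (column cannot be both indexed and encrypted with salt).
CREATE INDEX idx2_test2 ON test2 (value1);

-- Re-encrypt the column without salt; the same index can then be created.
-- Trade-off: equal plaintext values now produce equal ciphertext on disk,
-- so only do this for columns that really need an index.
ALTER TABLE test2 MODIFY (value1 ENCRYPT NO SALT);
CREATE INDEX idx2_test2 ON test2 (value1);

-- Removing encryption from a column without EM: drop the index,
-- decrypt the column, then confirm it no longer appears in the view.
DROP INDEX idx2_test2;
ALTER TABLE test2 MODIFY (value1 DECRYPT);

SELECT column_name, salt
  FROM dba_encrypted_columns
 WHERE table_name = 'TEST2';
```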

9. Disadvantages of TDE

(1) With TDE, the data values stored in the database files are encrypted. Encrypted column values are generally longer than the original values, so a table is larger with TDE than without it.

(2) TDE works by encrypting and decrypting automatically. When data is inserted or modified, it is automatically encrypted before being stored in the table, and encrypted column values are automatically decrypted when the data is selected. This implicitly increases the cost of data operations.

(3) TDE does not encrypt data in transit. Data is transferred from the DBMS to the application in clear text.
