Oracle 11g加密備份

Oracle的加密方式有三種：透明加密、密碼加密、雙模式加密。

預設情況下，Oracle會關閉加密功能：
RMAN> show all;
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

sys@OCP> SELECT ALGORITHM_ID,ALGORITHM_NAME FROM V$RMAN_ENCRYPTION_ALGORITHMS;

ALGORITHM_ID ALGORITHM_NAME
------------ ----------------------------------------------------------------
          1 AES128
          2 AES192
          3 AES256

1、透明加密(恢複資料表空間tp1)
如果要配置透明加密，那在RMAN下用CONFIGURE命令，透明加密也叫錢包加密，它是RMAN的預設加密方法。
這種方法不需要設定密碼，很適合在本地的備份與恢複，如果備份不需要傳到其他的機器上，建議採用這樣的加密方法。因為不要求輸入密碼，只需要配置加密/解密信任書，也就是Oracle Encryption Wallet

（1）設定透明加密，確保wallet是open的
RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;

new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored

RMAN> set encryption on;

executing command: SET encryption

（2)執行備份，報錯。（注意：必須開啟資料庫錢包）

  RMAN> backup as compressed backupset tablespace tp1;

Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 02/17/2014 12:28:11
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open

（3）建立一個新目錄，並指定為Wallet目錄/u01/app/oracle/admin/ocp/wallet

[oracle@mydb ocp]$ mkdir -p /u01/app/oracle/admin/ocp/wallet

 配置sqlnet.ora(可以不設定)
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ocp/wallet)
))

（4）進入SQLPLUS程式，開啟錢包，建立wallet,包括設定密碼、產生信任檔案、並啟動wallet。
 先查視圖V$ENCRYPTION_WALLET看錢包有沒有開啟
sys@OCP> col WRL_PARAMETER for a50
sys@OCP>  SELECT * FROM V$ENCRYPTION_WALLET;

WRL_TYPE            WRL_PARAMETER                                      STATUS
-------------------- -------------------------------------------------- ------------------
file                /u01/app/oracle/admin/ocp/wallet                  CLOSED

idle>  alter system set wallet open identified by "guoyJoe";

System altered.

（5）簡單測試
  RMAN> backup as compressed backupset tablespace tp1;

Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:15
Finished backup at 17-FEB-14

Starting Control File and SPFILE Autobackup at 17-FEB-14
piece handle=/backup/c-2735927810-20140217-02 comment=NONE
Finished Control File and SPFILE Autobackup at 17-FEB-14

RMAN> shutdown immediate;

database closed
database dismounted
Oracle instance shut down

RMAN> startup mount;

connected to target database (not started)
Oracle instance started
database mounted

Total System Global Area    1006809088 bytes

Fixed Size                    2233520 bytes
Variable Size                478153552 bytes
Database Buffers            419430400 bytes
Redo Buffers                106991616 bytes

RMAN> restore tablespace tp1;

Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 02/17/2014 13:45:32
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

RMAN> sql 'alter system set wallet open identified by "guoyJoe"';

sql statement: alter system set wallet open identified by "guoyJoe"

RMAN> restore tablespace tp1;

Starting restore at 17-FEB-14
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
channel ORA_DISK_1: piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 17-FEB-14

RMAN> recover tablespace tp1;

Starting recover at 17-FEB-14
using channel ORA_DISK_1

starting media recovery
media recovery complete, elapsed time: 00:00:00

Finished recover at 17-FEB-14

RMAN> alter database open;

database opened

1 2 下一頁