[Oracle]构筑TDE 环境的例子
构筑TDE 环境的例子:
测试环境:12.1.0.2
$ cd $ORACLE_HOME/network/admin $ vim sqlnet.ora $ pwd /u01/app/oracle/product/12.1.0/dbhome_1/network/admin
sqlnet.ora 需要配置:
$ cat sqlnet.ora ENCRYPTION_WALLET_LOCATION = (SOURCE =(METHOD = FILE)(METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore/)
创建相应的目录:
$ mkdir -p /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore
创建 KEYSTORE:
$ sqlplus / as sysdba SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ora12102/encryption_keystore/' IDENTIFIED BY myPassword; SQL> HOST ls /u01/app/oracle/admin/ora12102/encryption_keystore/ ewallet.p12 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 发现生成了相关的文件 SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY myPassword CONTAINER=ALL; SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY myPassword WITH BACKUP CONTAINER=ALL;
确认结果:
SQL> SET LINESIZE 100 SQL> SELECT con_id, key_id FROM v$encryption_keys; CON_ID ---------- KEY_ID ---------------------------------------------------------------------------------------------------- 0 AclrihXAik+1vxl5oahS/ukAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 0 AUgIBXZg2E9rvzdpDEfXjVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 0 AekjUfUQkE9Mv+hfTnnWDfIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA SQL> SET LINESIZE 200 SQL> COLUMN wrl_parameter FORMAT A50 SQL> SELECT * FROM v$encryption_wallet; WRL_TYPE WRL_PARAMETER ------------------------------------------------------------ -------------------------------------------------- STATUS WALLET_TYPE WALLET_ORDER ------------------------------------------------------------------------------------------ ------------------------------------------------------------ --------------------------- FULLY_BACKED_UP CON_ID --------------------------- ---------- FILE /u01/app/oracle/admin/ora12102/encryption_keystore / OPEN PASSWORD SINGLE NO 0 SQL> CONN sys@mypdb1 AS SYSDBA SQL> SELECT con_id, key_id FROM v$encryption_keys; CON_ID ---------- KEY_ID ------------------------------------------------------------------------------------------------------------------------------------------------------------ 0 AUgIBXZg2E9rvzdpDEfXjVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA SQL> grant dba to test identified by test; SQL> conn test/test@mypdb1 SQL> CREATE TABLE tde_test ( id NUMBER(10), data VARCHAR2(50) ENCRYPT ); SQL> INSERT INTO tde_test VALUES (1, 'This is a secret!'); SQL> commit; SQL> conn sys@mypdb1 AS SYSDBA
创建 TDE 表领域:
SQL> CREATE TABLESPACE encrypted_ts DATAFILE '/home/oracle/tbs01.dbf' SIZE 128K AUTOEXTEND ON NEXT 64K ENCRYPTION USING 'AES256' DEFAULT STORAGE(ENCRYPT); SQL> ALTER USER test QUOTA UNLIMITED ON encrypted_ts;
然后,可以使用TDE 表领域来创建和使用表了:
SQL> CONN test/test@mypdb1 SQL> CREATE TABLE tde_ts_test ( id NUMBER(10), data VARCHAR2(50) ) TABLESPACE encrypted_ts; SQL> INSERT INTO tde_ts_test VALUES (1, 'This is also a secret!'); SQL> commit;
参考:https://oracle-base.com/articles/12c/multitenant-transparent-data-encryption-tde-12cr1