[Oracle]构筑TDE 环境的例子

构筑TDE 环境的例子:

测试环境:12.1.0.2

$ cd $ORACLE_HOME/network/admin
$ vim sqlnet.ora

$ pwd
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin


sqlnet.ora 需要配置:

$ cat sqlnet.ora

ENCRYPTION_WALLET_LOCATION =
 (SOURCE =(METHOD = FILE)(METHOD_DATA =
   (DIRECTORY = /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore/)

 
创建相应的目录:

$ mkdir -p /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore

 
创建 KEYSTORE:

$ sqlplus / as sysdba

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ora12102/encryption_keystore/' IDENTIFIED BY myPassword;

SQL> HOST ls /u01/app/oracle/admin/ora12102/encryption_keystore/
ewallet.p12 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<    发现生成了相关的文件


SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY myPassword CONTAINER=ALL;

SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY myPassword WITH BACKUP CONTAINER=ALL;

 
确认结果:

SQL> SET LINESIZE 100
SQL> SELECT con_id, key_id FROM v$encryption_keys;

   CON_ID
----------
KEY_ID
----------------------------------------------------------------------------------------------------
        0
AclrihXAik+1vxl5oahS/ukAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

        0
AUgIBXZg2E9rvzdpDEfXjVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

        0
AekjUfUQkE9Mv+hfTnnWDfIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


SQL> SET LINESIZE 200
SQL> COLUMN wrl_parameter FORMAT A50
SQL> SELECT * FROM v$encryption_wallet;

WRL_TYPE                                                     WRL_PARAMETER
------------------------------------------------------------ --------------------------------------------------
STATUS                                                                                     WALLET_TYPE                                                  WALLET_ORDER
------------------------------------------------------------------------------------------ ------------------------------------------------------------ ---------------------------
FULLY_BACKED_UP                 CON_ID
--------------------------- ----------
FILE                                                         /u01/app/oracle/admin/ora12102/encryption_keystore
                                                             /
OPEN                                                                                       PASSWORD                                                     SINGLE
NO                                   0


SQL> CONN sys@mypdb1 AS SYSDBA

SQL> SELECT con_id, key_id FROM v$encryption_keys;

   CON_ID
----------
KEY_ID
------------------------------------------------------------------------------------------------------------------------------------------------------------
        0
AUgIBXZg2E9rvzdpDEfXjVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA




SQL> grant dba to test identified by test;

SQL> conn test/test@mypdb1

SQL> CREATE TABLE tde_test (
 id    NUMBER(10),
 data  VARCHAR2(50) ENCRYPT
);  

SQL> INSERT INTO tde_test VALUES (1, 'This is a secret!');
SQL> commit;

SQL> conn sys@mypdb1 AS SYSDBA

 
创建 TDE 表领域:

SQL> CREATE TABLESPACE encrypted_ts
        DATAFILE '/home/oracle/tbs01.dbf' SIZE 128K
        AUTOEXTEND ON NEXT 64K
        ENCRYPTION USING 'AES256'
        DEFAULT STORAGE(ENCRYPT);

SQL> ALTER USER test QUOTA UNLIMITED ON encrypted_ts;

 
然后,可以使用TDE 表领域来创建和使用表了:

SQL> CONN test/test@mypdb1

SQL> CREATE TABLE tde_ts_test (
 id    NUMBER(10),
 data  VARCHAR2(50)
) TABLESPACE encrypted_ts;


SQL> INSERT INTO tde_ts_test VALUES (1, 'This is also a secret!');
SQL> commit;

 


参考:https://oracle-base.com/articles/12c/multitenant-transparent-data-encryption-tde-12cr1

posted @ 2017-09-26 12:39  健哥的数据花园  阅读(751)  评论(0编辑  收藏  举报