[Oracle]构筑TDE 环境的例子
構筑TDE 環境的例子:
測試環境:12.1.0.2
$ cd $ORACLE_HOME/network/admin
$ vim sqlnet.ora
$ pwd
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin
sqlnet.ora 需要配置:
$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION =
?(SOURCE =(METHOD = FILE)(METHOD_DATA =
?? (DIRECTORY = /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore/)
創建相應的目錄:
$ mkdir -p /u01/app/oracle/admin/$ORACLE_SID/encryption_keystore
創建 KEYSTORE:
$ sqlplus / as sysdba
SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ora12102/encryption_keystore/' IDENTIFIED BY myPassword;
SQL> HOST ls /u01/app/oracle/admin/ora12102/encryption_keystore/
ewallet.p12 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<??? 發現生成了相關的文件
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY myPassword CONTAINER=ALL;
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY myPassword WITH BACKUP CONTAINER=ALL;
確認結果:
SQL> SET LINESIZE 100
SQL> SELECT con_id, key_id FROM v$encryption_keys;
?? CON_ID
----------
KEY_ID
----------------------------------------------------------------------------------------------------
??????? 0
AclrihXAik+1vxl5oahS/ukAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
??????? 0
AUgIBXZg2E9rvzdpDEfXjVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
??????? 0
AekjUfUQkE9Mv+hfTnnWDfIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SQL> SET LINESIZE 200
SQL> COLUMN wrl_parameter FORMAT A50
SQL> SELECT * FROM v$encryption_wallet;
WRL_TYPE???????????????????????????????????????????????????? WRL_PARAMETER
------------------------------------------------------------ --------------------------------------------------
STATUS???????????????????????????????????????????????????????????????????????????????????? WALLET_TYPE????????????????????????????????????????????????? WALLET_ORDER
------------------------------------------------------------------------------------------ ------------------------------------------------------------ ---------------------------
FULLY_BACKED_UP???????????????? CON_ID
--------------------------- ----------
FILE???????????????????????????????????????????????????????? /u01/app/oracle/admin/ora12102/encryption_keystore
???????????????????????????????????????????????????????????? /
OPEN?????????????????????????????????????????????????????????????????????????????????????? PASSWORD???????????????????????????????????????????????????? SINGLE
NO?????????????????????????????????? 0
SQL> CONN sys@mypdb1 AS SYSDBA
SQL> SELECT con_id, key_id FROM v$encryption_keys;
?? CON_ID
----------
KEY_ID
------------------------------------------------------------------------------------------------------------------------------------------------------------
??????? 0
AUgIBXZg2E9rvzdpDEfXjVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SQL> grant dba to test identified by test;
SQL> conn test/test@mypdb1
SQL> CREATE TABLE tde_test (
?id??? NUMBER(10),
?data? VARCHAR2(50) ENCRYPT
); ?
SQL> INSERT INTO tde_test VALUES (1, 'This is a secret!');
SQL> commit;
SQL> conn sys@mypdb1 AS SYSDBA
創建 TDE 表領域:
SQL> CREATE TABLESPACE encrypted_ts
??????? DATAFILE '/home/oracle/tbs01.dbf' SIZE 128K
??????? AUTOEXTEND ON NEXT 64K
??????? ENCRYPTION USING 'AES256'
??????? DEFAULT STORAGE(ENCRYPT);
SQL> ALTER USER test QUOTA UNLIMITED ON encrypted_ts;
然后,可以使用TDE 表領域來創建和使用表了:
SQL> CONN test/test@mypdb1
SQL> CREATE TABLE tde_ts_test (
?id??? NUMBER(10),
?data? VARCHAR2(50)
) TABLESPACE encrypted_ts;
SQL> INSERT INTO tde_ts_test VALUES (1, 'This is also a secret!');
SQL> commit;
參考:https://oracle-base.com/articles/12c/multitenant-transparent-data-encryption-tde-12cr1
本文轉自健哥的數據花園博客園博客,原文鏈接:http://www.cnblogs.com/gaojian/p/7596154.html,如需轉載請自行聯系原作者
總結
以上是生活随笔為你收集整理的[Oracle]构筑TDE 环境的例子的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 零、信息搜集
- 下一篇: 第 14 章 Networking