透明数据加密(Transparent Data Encryption)
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
compatible string 11.2.0
2. 设定wallet的位置(在sqlnet.ora文件中写入如下内容,需要重启数据库才能生效): 指定 ENCRYPTION_WALLET_LOCATION 参数
[oracle@11g admin]$ cat sqlnet.ora
#SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES)
ENCRYPTION_WALLET_LOCATION =
(SOURCE=
(METHOD=file)
(METHOD_DATA=
(DIRECTORY=/home/oracle/wallet)))
3)在指定(DIRECTORY路径下建好wallet目录。 不然报:ORA-28368: cannot auto-create wallet
[oracle@11g ~]$ mkdir wallet
[oracle@11g wallet]$ pwd
/home/oracle/wallet
4)在wallet里面创建key
SQL> alter system set encryption key authenticated by "andy";
System altered.
5)创建一个表,对其中某列加密
SQL> create table andy.andy_tde(
id number(10) primary key,
col_tde varchar2(50) encrypt using 'AES192'
); 2 3 4
Table created.
说明:TDE支持的加密算法:
SQL> set linesize 300
SQL> select * from dba_encrypted_columns;
OWNER TABLE_NAME COLUMN_NAME ENCRYPTION_ALG
------------------------------ ------------------------------ ------------------------------ ------------------
ANDY ANDY_TDE COL_TDE AES 192 bits key
SQL> insert into andy_tde values (1,'tde');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from andy_tde;
ID COL_TDE
---------- ---------------------------------
1 tde
6)如果关闭wallet,无法访问加密的数据:
SQL> alter system set wallet close identified by "andy";
System altered.
SQL> select * from andy_tde;
select * from andy_tde
*
ERROR at line 1:
ORA-28365: wallet is not open
7)重新打开wallet,才可以访问加密的数据
SQL> alter system set wallet open identified by "andy";
System altered.
SQL> select * from andy_tde;
ID COL_TDE
---------- ----------------------------
1 tde
本文转自 张冲andy 博客园博客,原文链接:http://www.cnblogs.com/andy6/p/6265870.html ,如需转载请自行联系原作者
