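TDE (Transparent Data Encryption) uses a wallet to encrypt data, physically encrypting the data stored in the data files.
How it works:
When a user inserts data into a column that is to be encrypted, Oracle 10g retrieves the master key from the wallet, uses the master key to decrypt the table key stored in the data dictionary, then uses the decrypted table key to encrypt the input data, and stores the encrypted data in the database.
When a user queries an encrypted column, Oracle fetches the encrypted table key from the data dictionary, retrieves the master key, decrypts the table key, then uses the decrypted table key to decrypt the encrypted data on disk, and finally returns the plaintext to the user.
All of these operations are transparent to the user.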
SQL> SELECT * FROM V$ENCRYPTION_WALLET;
WRL_TYPE             WRL_PARAMETER                                                STATUS
-------------------- ------------------------------------------------------------ ------------------
file                 /oracle/app/oracle/admin/PROD/wallet                         CLOSED
Create the wallet directory:
mkdir -p /oracle/app/oracle/admin/PROD/wallet
Set the wallet location in sqlnet.ora:
ENCRYPTION_WALLET_LOCATION=
  (SOURCE=
    (METHOD=FILE)
    (METHOD_DATA=
      (DIRECTORY=/oracle/app/oracle/admin/PROD/wallet)))
SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "oracle";
System altered.
SQL> col WRL_PARAMETER for a60
SQL> set line 200
SQL> SELECT * FROM V$ENCRYPTION_WALLET;
WRL_TYPE             WRL_PARAMETER                                                STATUS
-------------------- ------------------------------------------------------------ ------------------
file                 /oracle/app/oracle/admin/PROD/wallet                         OPEN
PROD@localhost.localdomain /oracle/app/oracle/admin/PROD/wallet$ ll
total 4
-rw-r--r-- 1 oracle oinstall 2845 Jul 9 06:43 ewallet.p12
PROD@localhost.localdomain /oracle/app/oracle/admin/PROD/wallet$
-- Tables owned by the SYS user cannot be encrypted
SQL> conn hxy/hxy
Connected.
CREATE TABLE cust_payment_info
(first_name VARCHAR2(11),
last_name VARCHAR2(10),
order_number NUMBER(5),
credit_card_number VARCHAR2(16) ENCRYPT NO SALT,
active_card VARCHAR2(3));
INSERT INTO cust_payment_info VALUES
('Jon', 'Oldfield', 10001, '5446959708812985','YES');
INSERT INTO cust_payment_info VALUES
('Chris', 'White', 10002, '5122358046082560','YES');
INSERT INTO cust_payment_info VALUES
('Alan', 'Squire', 10003, '5595968943757920','YES');
INSERT INTO cust_payment_info VALUES
('Mike', 'Anderson', 10004, '4929889576357400','YES');
INSERT INTO cust_payment_info VALUES
('Annie', 'Schmidt', 10005, '4556988708236902','YES');
INSERT INTO cust_payment_info VALUES
('Elliott', 'Meyer', 10006, '374366599711820','YES');
INSERT INTO cust_payment_info VALUES
('Celine', 'Smith', 10007, '4716898533036','YES');
INSERT INTO cust_payment_info VALUES
('Steve', 'Haslam', 10008, '340975900376858','YES');
INSERT INTO cust_payment_info VALUES
('Albert', 'Einstein', 10009, '310654305412389','YES');
SQL> select * from cust_payment_info
2 ;
FIRST_NAME  LAST_NAME  ORDER_NUMBER CREDIT_CARD_NUMB ACT
----------- ---------- ------------ ---------------- ---
Chris       White             10002 5122358046082560 YES
Alan        Squire            10003 5595968943757920 YES
Mike        Anderson          10004 4929889576357400 YES
Annie       Schmidt           10005 4556988708236902 YES
Elliott     Meyer             10006 374366599711820  YES
Celine      Smith             10007 4716898533036    YES
Steve       Haslam            10008 340975900376858  YES
Albert      Einstein          10009 310654305412389  YES
8 rows selected.
SQL> ALTER SYSTEM SET ENCRYPTION WALLET close identified by oracle;
System altered.
SQL> conn hxy/hxy
Connected.
SQL> select * from cust_payment_info;
select * from cust_payment_info
*
ERROR at line 1:
ORA-28365: wallet is not open
SQL> CREATE TABLESPACE securespace
2 DATAFILE '/home/oracle/oracle3/product/11.1.0/db_1/secure01.dbf'
3 SIZE 150M
4 ENCRYPTION
5 DEFAULT STORAGE(ENCRYPT);
Tablespace created.
SQL> CREATE TABLE customer_payment_info
2 (first_name VARCHAR2(11),
3 last_name VARCHAR2(10),
4 order_number NUMBER(5),
5 credit_card_number VARCHAR2(16),
6 active_card VARCHAR2(3))TABLESPACE securespace;
Table created.
PROD@localhost.localdomain /oracle/app/oracle/product/11.2.0/network/admin$ mkstore -wrl /oracle/app/oracle/product/11.2.0/network/admin/wallet/ -list
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Oracle Secret Store entries:
ORACLE.SECURITY.DB.ENCRYPTION.ARMxdklw5k9zv9UpvDKPCDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
PROD@localhost.localdomain /oracle/app/oracle/product/11.2.0/network/admin/wallet$ ll
total 4
-rw-r--r-- 1 oracle oinstall 2581 Jul 9 08:35 ewallet.p12
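Both ewallet.p12 listings above show mode -rw-r--r--, so any local account can read the file that holds the TDE master key. The shell function below is an added example, not part of the original post: it flags a wallet directory or wallet file that group or other can access. The owner-only policy (700 on the directory, 600 on the files) and the check for an auto-login cwallet.sso are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a TDE wallet directory for group/other access.
# Assumed policy: wallet directory 700, wallet files 600 (owner only).

# Print the group+other permission characters of a path, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# check_wallet_perms DIR
# Prints one line per finding.
# Returns 0 if clean, 1 if there are findings, 2 if DIR holds no wallet.
check_wallet_perms() {
    dir=$1
    findings=0
    seen=0
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "FINDING: directory $dir is accessible to group/other"
        findings=1
    fi
    # ewallet.p12 is the password-protected wallet shown in the listings;
    # cwallet.sso is the auto-login wallet, checked if one exists.
    for f in "$dir/ewallet.p12" "$dir/cwallet.sso"; do
        [ -f "$f" ] || continue
        seen=1
        if [ "$(group_other_bits "$f")" != "------" ]; then
            echo "FINDING: $f is accessible to group/other"
            findings=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "ERROR: no wallet file in $dir"; return 2; }
    return "$findings"
}

# Usage: check_wallet_perms /oracle/app/oracle/admin/PROD/wallet
```

A finding is cleared with chmod 700 on the directory and chmod 600 on the wallet files, run as the oracle owner.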
Original article: http://www.cnblogs.com/haoxiaoyu/p/46ab50177dc0997eb2d411f2529b0f4b.html