About encrypting database in oracle 19c

User_MI6PG

I have known several way to encrypt the database, there is: using 2 package DBMS_OBFUSCATION_TOOLKIT or DBMS_CRYPTO, or using TDE. I don't know if I get it right. But is there any way else to encrypt the database? Which one is the most common and should be used.

Thank you!

Solomon Yakobson

Depending on your version in addition to application tablespacese you can (starting, I believe, 12.2) use TDE on SYSTEM, SYSAUX, UNDO & TEMP tablespaces. However Oracle doesn't recommend TDE on SYSTEM, SYSAUX, UNDO & TEMP tablespaces:

" If you encrypt the SYSTEM, SYSAUX, TEMP, or UNDO tablespace, then never close the keystore manually, even if you later decrypt the tablespace by using the ALTER TABLESPACE SQL statement."

Therefore, encryption of SYSTEM, SYSAUX, TEMP, UNDO tablespace encryption is not recommended. And it is necessary to judge carefully when encrypting.

SY.

User_MI6PG

https://community.oracle.com/tech/developers/discussion/comment/16816403#Comment_16816403

I think I need to reading more document to understand clearly what you say. Thanks for respond.

I have one more problem while practicing encrypt using TDE. When I type this command:

SQL>conn userManagement;

SQL> alter table Employee modify (Salary encrypt);

It said: ORA-28361: master key not yet set

But along previous days ago, I have already created one master key, I don't know why that error come. So I try to set a new master key by:

SQL> conn / as sysdba;

SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "5" WITH BACKUP;

And it said: ORA-28362: master key not found

Can you show me the point where cause the errors? I have no ideas what to do next. (explanation: 5 is my wallet key, it is simple because I'm just a student practicing my own homework). When I ask you this question, I did so many way to solve it but not work, so I don't mind if you recommend me some way to delete the wallet or make a new one. I have also check status of wallet, check location, delete folder wallet and create another, ect but still hopeless.

Hope you will rescue me out of this morass T.T

Solomon Yakobson

Did you specify ENCRYPTION_WALLET_LOCATION in sqlnet.ora (on database server side)?

SY.

User_MI6PG

https://community.oracle.com/tech/developers/discussion/comment/16816416#Comment_16816416

of course I did. It look like this in sqlnet.ora

# sqlnet.ora Network Configuration File: C:\Users\Thuy\Desktop\WINDOWS.X64_193000_db_home\NETWORK\ADMIN\sqlnet.ora

# Generated by Oracle configuration tools.

# This file is actually generated by netca. But if customers choose to 

# install "Software Only", this file wont exist and without the native 

# authentication, they will not be able to connect to the database on NT.

SQLNET.AUTHENTICATION_SERVICES= (NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

ENCRYPTION_WALLET_LOCATION=

(SOURCE=

(METHOD=file)

(METHOD_DATA=

(DIRECTORY=C:\Users\Thuy\Desktop\WINDOWS.X64_193000_db_home\NETWORK\ADMIN\wallet1)

)

)

and in my folder wallet1 appear 3 things, I don't know what it called: ewallet.p12, ewallet_2021112013190223.p12, ewallet_2021112014014045.p12.

Solomon Yakobson

Wallet will be open by user oracle is installed under so C:\Users\Thuy is questionable. What do you get when issue:

select WRL_TYPE, WRL_PARAMETER, STATUS, CON_ID from v$encryption_wallet;

In addition 19C allows specifying wallet location in initialization parameter WALLET_ROOT

SY.

User_MI6PG

https://community.oracle.com/tech/developers/discussion/comment/16816558#Comment_16816558

I get this. Sorry for not reply in time. My device don't get the notification.

So you mean my configure path is wrong? I will check it out.

thatJeffSmith-Oracle

This needs moved to either the database or the security forums.