钱夹的作用类似锁,锁相当于存在于服务器上一个位置的文件,钥匙相当于口令;当然文件可以存在于数据库服务器之外
加密算法有:
AES192 192位密钥加密,对称性加密算法:加密与解密使用同一密钥进行
AES128(default) 128位密钥加密,非对称性加密算法:加密与解密使用不同密钥进行,公钥与私钥,例RSA
AES256 256位密钥加密
3DES168 168位密钥加密 DES(Data Encryption Standard数据加密标准)
查看钱夹位置:select * from v$encryption_wallet;
如果没有设定可以在sqlnet.ora中设定
比如编辑次文件追加
encryption_wallet_location=(source=
(method=file)
(method_data=
(directory=/u01/app/oracle/product/12.2.0.1/dbhome_1/network/admin)))
使用alter system命令创建:
alter system set encryption key identified by 123456;创建之后就可以打开|关闭钱夹,默认打开了:
alter system set encryption wallet open|close identified by 123456;实验过程
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/product/12.2.0.1/db_1/network/admin/
NOT_AVAILABLE UNKNOWN SINGLE UNDEFINED
1
SQL> alter system set encryption key identified by "123456";
System altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/product/12.2.0.1/db_1/network/admin/
OPEN PASSWORD SINGLE NO
1
SQL> alter system set encryption wallet open identified by 123456;
alter system set encryption wallet open identified by 123456
*
ERROR at line 1:
ORA-28357: password required to open the wallet
SQL> alter system set encryption wallet open identified by "123456";
alter system set encryption wallet open identified by "123456"
*
ERROR at line 1:
ORA-28354: Encryption wallet, auto login wallet, or HSM is already open
2,透明列级加密
可以在创建表的列上使用加密,比如:
create table t(
id int,
c1 varchar2(10) encrypt,
clob1 clob encrypt using 'AES128'
)lob(clob1) store as securefile(cache);
不再举例
3,表空间加密
直接上例子,下边是创建了一个加密表空间,然后创建了一个普通表,移动到加密表空间中,关闭钱夹,看看效果,这里只是演示生产环境不适用sys用户操作
SQL> create tablespace tbs_sec datafile '/u01/app/oracle/oradata/cdb1/tbs_sec1.dbf' size 50M encryption using '3DES168' default storage(encrypt);
Tablespace created.
SQL> create table t1(id int);
Table created.
SQL> insert into t1 values(1);
1 row created.
SQL> commit;
Commit complete.
SQL> col owner for a10
SQL> col table_name for a20
SQL> col tablespace_name for a30
SQL> select owner,table_name,tablespace_name from dba_tables where table_name='T1' and owner='SYS';
OWNER TABLE_NAME TABLESPACE_NAME
---------- -------------------- ------------------------------
SYS T1 SYSTEM
SQL> alter table sys.t1 move tablespace tbs_sec;
Table altered.
SQL> select owner,table_name,tablespace_name from dba_tables where table_name='T1' and owner='SYS';
OWNER TABLE_NAME TABLESPACE_NAME
---------- -------------------- ------------------------------
SYS T1 TBS_SEC
SQL> select tablespace_name,encrypted from dba_tablespaces;
TABLESPACE_NAME ENC
------------------------------ ---
SYSTEM NO
SYSAUX NO
UNDOTBS1 NO
TEMP NO
USERS NO
TBS_SEC YES
6 rows selected.
SQL> select * from t1;
ID
----------
1
SQL> alter system set encryption wallet close identified by 123456;
alter system set encryption wallet close identified by 123456
*
ERROR at line 1:
ORA-28393: password required to close the wallet
SQL> alter system set encryption wallet close identified by "123456";
System altered.
SQL> select * from t1;
select * from t1
*
ERROR at line 1:
ORA-28365: wallet is not open
SQL> alter table t1 add c1 varchar2(10);
alter table t1 add c1 varchar2(10)
*
ERROR at line 1:
ORA-02002: error while writing to audit trail
ORA-28365: wallet is not open
ORA-28365: wallet is not open
SQL> alter system set encryption wallet open identified by "123456";
System altered.
SQL> SQL> alter table t1 add c1 varchar2(10);
Table altered.
SQL> insert into t1 values(2,'china');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from t1;
ID C1
---------- ----------
1
2 china
SQL> alter system set encryption wallet close identified by "123456";
System altered.
SQL> select * from t1;
select * from t1
*
ERROR at line 1:
ORA-28365: wallet is not open
SQL> select c1 from t1;
select c1 from t1
*
ERROR at line 1:
ORA-28365: wallet is not open