透明加密 实验

1. 透明加密的前提条件是要存在钱包（wallet), 并且钱包为打开状态
2. 创建用于保存密钥的wallet,有两种方式，一是采用图形方式，即用own命令打开图形化界面，
3. 本次试验采用命令方式来完成

1. 1. 在sqlnet.ora中添加必要的信息
      

      点击(此处)折叠或打开
   2. [oracle@host01 ~]$ cd $ORACLE_HOME/network/admin
      

[oracle@host01 admin]$
[oracle@host01 admin]$ ls
samples shrept.lst
[oracle@host01 admin]$ vi sqlnet.ora
wallet_location=(source=(method=file)(method_data=(directory=/u01/app/oracle)))

创建钱包设置密码

点击(此处)折叠或打开

SQL> alter system set encryption key identified by oracle;

System altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE                    WRL_PARAMETER             STATUS
-------------------- -------------------- ------------------
file                      /u01/app/oracle               OPEN
关闭、打开钱包

点击(此处)折叠或打开

alter system set encryption wallet close identified by oracle;

System altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE                   WRL_PARAMETER              STATUS
-------------------- -------------------- ------------------
file                     /u01/app/oracle              CLOSED

SQL> alter system set encryption wallet open identified by oracle;

System altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE                   WRL_PARAMETER               STATUS
-------------------- -------------------- ------------------
file                       /u01/app/oracle              OPEN 修改RMAN参数，启用透明加密（默认为未启用）

点击(此处)折叠或打开

RMAN> show encryption for database;

using target database control file instead of recovery catalog
RMAN configuration parameters for database with db_unique_name PROD1 are:
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default

RMAN> configure encryption for database on;

new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored

RMAN> show encryption for database;

RMAN configuration parameters for database with db_unique_name PROD1 are:
CONFIGURE ENCRYPTION FOR DATABASE ON;
备份users表空间（钱包为打开状态）

点击(此处)折叠或打开

RMAN> backup tablespace users;

Starting backup at 07-APR-17
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=43 device type=DISK
ignoring encryption for proxy or image copies
channel ORA_DISK_1: starting datafile copy
input datafile file number=00004 name=/u01/app/oracle/oradata/PROD1/users01.dbf
output file name=/u01/app/oracle/product/11.2.0/dbhome_1/dbs/data_D-PROD1_I-2157889328_TS-USERS_FNO-4_1es14akd tag=TAG20170407T213717 RECID=9 STAMP=940714637
channel ORA_DISK_1: datafile copy complete, elapsed time: 00:00:01
Finished backup at 07-APR-17

Starting Control File and SPFILE Autobackup at 07-APR-17
piece handle=/u01/app/oracle/product/11.2.0/dbhome_1/dbs/c-2157889328-20170407-0b comment=NONE
Finished Control File and SPFILE Autobackup at 07-APR-17
备份users表空间（钱包为关闭状态）

点击(此处)折叠或打开

SQL> alter system set encryption wallet close identified by oracle;

System altered.

RMAN恢复users表空间

点击(此处)折叠或打开

RMAN> restore tablespace users;

Starting restore at 09-APR-17
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00004 to /u01/app/oracle/oradata/PROD1/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbhome_1/dbs/03s1940i_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 04/09/2017 17:19:17
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbhome_1/dbs/03s1940i_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open 提示的错误很明白，钱包没有打开 打开钱包，恢复users表空间

点击(此处)折叠或打开

SQL> alter system set encryption wallet open identified by oracle;

System altered.

RMAN> restore tablespace users;

Starting restore at 09-APR-17
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=1 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00004 to /u01/app/oracle/oradata/PROD1/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbhome_1/dbs/03s1940i_1_1
channel ORA_DISK_1: piece handle=/u01/app/oracle/product/11.2.0/dbhome_1/dbs/03s1940i_1_1 tag=TAG20170409T171458
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 09-APR-17

点击(此处)折叠或打开

1. RMAN> recover tablespace users;
   
2. 
   
3. Starting recover at 09-APR-17
   
4. using channel ORA_DISK_1
   
5. 
   
6. starting media recovery
   
7. media recovery complete, elapsed time: 00:00:00
   
8. 
   
9. Finished recover at 09-APR-17
   
10. 
    
11. RMAN> alter database open;
    
12. 
    
13. database opened

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/31405405/viewspace-2136871/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/31405405/viewspace-2136871/