钱夹密码可通过 Oracle Wallet Manager 或 orapki 实用程序来更改。强烈建议在更改钱夹密码之前对 Oracle 钱夹进行备份。更改钱夹密码不会更改 TDE 主密钥(它们彼此独立)
钱夹密码应至少包含 8 个字母和数字字符,否则会报错 PKI-01002错误。
PKI-01002: Invalid password:Passwords must have a minimum length of eight characters and contain alphabetic characters combined with numbers or special characters.
您可以通过 Oracle Wallet Manager (OWM) 更改钱夹密码。在尝试更改钱夹密码前,请创建备份,并已在测试系统进行了验证。更改钱夹密码不会更改主密钥(它们彼此独立)。
也允许通过orapki 命令行更改钱夹密码,参考命令:
$ orapki wallet change_pwd -wallet <wallet_location>
[oracle@cent6 ~]$ orapki wallet change_pwd -wallet $ORACLE_BASE/admin/main/wallet
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: 旧密码
New password:
Enter wallet password: 新密码
[oracle@cent6 ~]$
SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "Schina1234";
System altered.
--已打开的钱包还要使用旧密码关闭,否则会报密码不匹配错误
SQL> ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "Sec$123456";
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "Sec$123456"
*
ERROR at line 1:
ORA-28391: cannot close wallet or HSM, password mismatch
SQL> ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "Schina1234";
System altered.
--重新打开时使用新密码
SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "Sec$123456";
System altered.
SQL>