RMAN备份与恢复之加密备份

ORACLE从10g R2开始为备份提供加密功能，通过加密获得的备份，可以保护备份文件，防止备份泄露带来的安全问题。

显示当前数据库的加密算法：

SQL> select * from v$rman_encryption_algorithms;

ALGORITHM_ID ALGORITHM_NAME ALGORITHM_DESCRIPTION IS_ RES

---

       1 AES128               AES 128-bit key                YES NO
       2 AES192               AES 192-bit key                NO  NO
       3 AES256               AES 256-bit key                NO  NO

RMAN> show encryption algorithm;

using target database control file instead of recovery catalog
RMAN configuration parameters are:
CONFIGURE ENCRYPTION ALGORITHM ‘AES128’; # default

RMAN中更改加密算法：
RMAN> configure encryption algorithm ‘AES192’;

口令模式加密
该加密方式通过在生成备份集是设置口令，在使用备份集时设置解密口令来实现对备份集的加密，适合转存备份集时使用。
设置备份口令：
RMAN> set encryption on identified by ‘oracle’ only;
executing command: SET encryption

RMAN> run{
2> allocate channel c1 type disk format ‘/u01/rman_dest/rman_users_%p_%M-%D_%t.bak’;
3> backup tablespace users channel c1;
4> release channel c1;
5> }

SQL> select file#,name from v$datafile;

 FILE# NAME

---

     1 /u01/app/oracle/oradata/orcl_dup/system01.dbf
     3 /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
     4 /u01/app/oracle/oradata/orcl_dup/users01.dbf
     5 /u01/app/oracle/oradata/orcl_dup/example01.dbf
     6 /u01/app/oracle/oradata/orcl_dup/tts01.dbf
     7 /u01/app/oracle/oradata/orcl_dup/tts02.dbf
     8 /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf

模拟损坏，进行测试
[oracle@node1 ~]$ rm -rf /u01/app/oracle/oradata/orcl_dup/users01.dbf

RMAN> shutdown abort;

using target database control file instead of recovery catalog
Oracle instance shut down

RMAN> startup mount;

connected to target database (not started)
Oracle instance started
database mounted

Total System Global Area 167772160 bytes

Fixed Size 1218316 bytes
Variable Size 88082676 bytes
Database Buffers 75497472 bytes
Redo Buffers 2973696 bytes

此时恢复数据文件会提示wallet is not open错误
RMAN> restore datafile 4;

Starting restore at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=157 devtype=DISK

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 11:05:00
ORA-19870: error reading backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

指定解密密码
RMAN> set decryption identified by ‘oracle’;
executing command: SET decryption

RMAN> restore datafile 4;

Starting restore at 09-JUL-14
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/rman_users_1_07-09_852462004.bak tag=TAG20140709T110003
channel ORA_DISK_1: restore complete