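Starting with 10g R2, Oracle provides encryption for backups. An encrypted backup protects the backup files and prevents the security problems that a leaked backup would cause.
Show the current database's encryption algorithms: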
SQL> select * from v$rman_encryption_algorithms;
ALGORITHM_ID ALGORITHM_NAME ALGORITHM_DESCRIPTION IS_ RES
1 AES128 AES 128-bit key YES NO
2 AES192 AES 192-bit key NO NO
3 AES256 AES 256-bit key NO NO
RMAN> show encryption algorithm;
using target database control file instead of recovery catalog
RMAN configuration parameters are:
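CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
Change the encryption algorithm in RMAN:
RMAN> configure encryption algorithm 'AES192';
Password-mode encryption
This mode encrypts the backup set by setting a password when the backup set is created and supplying the decryption password when the backup set is used. It is suited to moving backup sets to another location.
Set the backup password:
RMAN> set encryption on identified by 'oracle' only;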
executing command: SET encryption
RMAN> run{
2> allocate channel c1 type disk format '/u01/rman_dest/rman_users_%p_%M-%D_%t.bak';
3> backup tablespace users channel c1;
4> release channel c1;
5> }
SQL> select file#,name from v$datafile;
FILE# NAME
1 /u01/app/oracle/oradata/orcl_dup/system01.dbf
3 /u01/app/oracle/oradata/orcl_dup/sysaux01.dbf
4 /u01/app/oracle/oradata/orcl_dup/users01.dbf
5 /u01/app/oracle/oradata/orcl_dup/example01.dbf
6 /u01/app/oracle/oradata/orcl_dup/tts01.dbf
7 /u01/app/oracle/oradata/orcl_dup/tts02.dbf
8 /u01/app/oracle/oradata/orcl_dup/undotbs001.dbf
Simulate the loss of a datafile to test the restore
[oracle@node1 ~]$ rm -rf /u01/app/oracle/oradata/orcl_dup/users01.dbf
RMAN> shutdown abort;
using target database control file instead of recovery catalog
Oracle instance shut down
RMAN> startup mount;
connected to target database (not started)
Oracle instance started
database mounted
Total System Global Area 167772160 bytes
Fixed Size 1218316 bytes
Variable Size 88082676 bytes
Database Buffers 75497472 bytes
Redo Buffers 2973696 bytes
Restoring the datafile at this point fails with a "wallet is not open" error
RMAN> restore datafile 4;
Starting restore at 09-JUL-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=157 devtype=DISK
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 07/09/2014 11:05:00
ORA-19870: error reading backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
Specify the decryption password
RMAN> set decryption identified by 'oracle';
executing command: SET decryption
RMAN> restore datafile 4;
Starting restore at 09-JUL-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /u01/app/oracle/oradata/orcl_dup/users01.dbf
channel ORA_DISK_1: reading from backup piece /u01/rman_dest/rman_users_1_07-09_852462004.bak
channel ORA_DISK_1: restored backup piece 1
piece handle=/u01/rman_dest/rman_users_1_07-09_852462004.bak tag=TAG20140709T110003
channel ORA_DISK_1: restore complete
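
Added example, not part of the original post: a shell wrapper that generates the same SET ENCRYPTION / SET DECRYPTION commands shown above, but takes the password from an environment variable rather than typing a literal such as 'oracle'. The variable name RMAN_BACKUP_PW and the function names are assumptions made for this sketch; the input checks are deliberately conservative.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Assumption: the backup password is supplied in the hypothetical
# environment variable RMAN_BACKUP_PW instead of being typed as a literal.

NL='
'

# Reject empty values and characters that would end the quoted RMAN literal.
valid_pw() {
  case "$1" in
    ''|*\'*|*\"*|*\;*|*"$NL"*) return 1 ;;
  esac
}

# Print the RMAN commands for a password-only encrypted tablespace backup.
# $1 = tablespace name, $2 = backup piece format string
backup_script() {
  valid_pw "${RMAN_BACKUP_PW:-}" || { echo "RMAN_BACKUP_PW unset or unsafe" >&2; return 1; }
  case "$1" in ''|*[!A-Za-z0-9_]*) echo "bad tablespace name" >&2; return 1 ;; esac
  cat <<EOF
set encryption on identified by '${RMAN_BACKUP_PW}' only;
run {
  allocate channel c1 type disk format '$2';
  backup tablespace $1 channel c1;
  release channel c1;
}
EOF
}

# Print the RMAN commands that supply the password before a restore.
# $1 = datafile number
restore_script() {
  valid_pw "${RMAN_BACKUP_PW:-}" || { echo "RMAN_BACKUP_PW unset or unsafe" >&2; return 1; }
  case "$1" in ''|*[!0-9]*) echo "bad datafile number" >&2; return 1 ;; esac
  cat <<EOF
set decryption identified by '${RMAN_BACKUP_PW}';
restore datafile $1;
EOF
}

# Usage (needs an Oracle environment; the commands reach rman on stdin,
# so the password is not part of the rman argument list):
#   backup_script users '/u01/rman_dest/rman_users_%p_%M-%D_%t.bak' | rman target /
#   restore_script 4 | rman target /
```

A backup taken with the `only` form can be restored solely with this password, so it has to be stored wherever the backup pieces may later need to be read.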