It began to appear transparent data encryption (Transparent Data Encryption, TDE) from ORALE 10GR2.
TDE is used to encrypt the data, usually SQL application logic execution need not be changed, still running. In other words, applications can use the same syntax to insert data into an application table and the Oracle database before writing information to disk automatically encrypts the data. Subsequent select operations will transparently decrypt the data, so the application will continue to run normally. This is important, because the current application is often desirable unencrypted application data. Show encrypted data at least make the application user puzzled, or even break existing applications.
Set the encryption key:
Oracle Transparent Data Encryption provides encryption key management infrastructure required to implement. Encryption works by the plaintext data and secret (called key) passed to the encryption program. Encryption programs use supplied key to encrypt the plaintext data, and then returns the encrypted data. In the past, creating and maintaining the key task is completed by the application. Oracle Transparent Data Encryption through the entire database to automatically generate a master key to solve this problem. In starting the Oracle database, the system administrator must use a different password or a password to open a password DBA Oracle Wallet object. The administrator then initializes the database master key. The master key is generated automatically.
Prepare the database for encryption
Add a ENCRYPTED_WALLET_LOCATION entry in $ ORACLE_HOME / network / admin in the sqlnet.ora.
ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = / u01 / oracle / product / 22.214.171.124.0 / wallet /)))
Execute the following statement into the database
alter system set key identified by "welcome"
If prompted with the following error indicates that there is no wallet is created automatically, it may be because the need to manually create the directory wallet
ORA-28368: can not auto-create wallet
Wallet directory manually create and grant the oracle user access.
alter system set key identified by "welcome";
SQL> conn hr / hr
SQL> create table test (id number, credit_card_number varchar2 (16) ENCRYPT NO SALT);
SQL> insert into test values (1, '12312432');
1 row created.
SQL> insert into test values (2, '33245235');
SQL> select * from test;
This is the time to see the encrypted data again after the restart when the inquiry will not be able to see the encrypted data. This time need to open the wallet can view the encrypted data
alter system set wallet open identified by "welcome1";
sys user table can not be encrypted