11G Wallet Configuration

 WALLET CONFIGURATION, TABLESPACE & TABLE LEVEL ENCRYPTION

1.       Create Directory for Wallet

mkdir -p $ORACLE_BASE/admin/$ORACLE_SID/wallet

2.       Add Entry in Sqlnet.ora

cd $ORACLE_HOME/network/admin

vi sqlnet.ora

ENCRYPTION_WALLET_LOCATION=   (SOURCE=(METHOD=FILE)(METHOD_DATA=     (DIRECTORY=/u01/app/oracle/product/11.2.0/db_1/network/admin/WALLET)))

                Where DIRECTORY – Wallet Directory Location

                

3.       Create the Encrypted Key

alter system set encryption key authenticated by “Password”;

Give your own password.

4.       How to Open & Close Wallet

ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY “Password”;

ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY “Password”;

When to use OPEN & CLOSE WALLET,

Each and every time your instance is shutdown your wallet must be OPEN else you will get error.

5.       TABLESPACE ENCRYPTION

Let us try Tablespace encryption. You should use the ENCRYPT Clause in STORAGE CLAUSE. There are so many encryption algorithms available. Other Algorithm which can be used areAES128,AES192, AED256, 3DES168

6.       TESTING ENCRYPTION:

First let’s create a table in HARISH user and insert data.

You can use the strings parameter and get the values present in the datafile for normal tablespaces.For encrypted tablespaces you cannot get the data. Even If you use editors like HEX and others the encrypted tablespace’s datafile will not display values.

7.       Table Encryption

We are first creating a tablespace

Then create a table and encrypt one column

                       

Here we have insert data in two columns

1.       NAME – HARISH

2.       CREDITCARDNO – 2007856478652345

If you see the below screenshot I used the strings parameter.

Strings parameter can be used to read contents of datafile or any file which has data.

Here we have encrypted the creditcardno column hence those values alone are not displayed but from database perspective you can query the data normally.

We can use the USER_ENCRYPTED_COLUMNS TO CHECK WHICH VALUES ARE ENCRYPTED.

Issues Faced:

During Creation of Wallet I created it another location.

       ORA-28368: cannot auto-create wallet

In a word this is Oracle bug. Oracle identifies it as bug Bug 5551624 when ORA-28353 can occur creating a Wallet on 64bit platforms. But I see error happens on 32 but platforms as well. This error will also be reported if you don't have wallet folder inside default wallet installation directory $ORACLE_BASE/admin/$ORACLE_SID. The default location may not work on some 64 bit platforms.

                       References: Bug 4956266: ORA-28353 WHEN CREATING WALLET