26-May-2016
TDE – Transparent data encryption
Gino D’ Alfonso
Transparent Data Encryption
What is it not
It’s no data masking
It’s no data redaction
How to install TDE on the database.
sqlnet.ora needs the following line:
ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA =
(DIRECTORY = /u01/app/oracle/admin/$ORACLE_UNQNAME/tde_wallet)))
Only oracle has access to the directory:
chmod 600 ewallet.p12
Avoid deleting the TDE wallet:
chattr +i ewallet.p12
chattr +i cwallet.sso
Auto login versus local auto login
Opening the wallet is a manual operation and must be performed to make the
master encryption key available to the database
$ orapki wallet create -wallet <wallet location> -auto_login
Creates file cwallet.sso
$ orapki wallet create -wallet <wallet location> -auto_login_local
A local auto-open wallet can be created, starting with Oracle Database 11.1.0.7; it
does not open on any machine other than the one it was created on.
Separation of duties
Wallet password is separate from System or DBA password
No access to wallet
HOW?
• The encryption is done at the operating system
level, where data is stored
OWNER_EVL@TEST1_1 SQL> select * from SECURE_CUSTOMER_INFO;
NAME ACCOUNT_NR
------------------------------ ----------
Semira 123456789
Mehrdad 223456789
Geert 323456789
$ strings testelvd |grep -i Geert
Geert
OWNER_ABC@TEST1_1 SQL> select * from SECURE_CUSTOMER_INFO;
NAME ACCOUNT_NR
------------------------------ ----------
Semira 123456789
Mehrdad 223456789
Geert 323456789
NewCstmer 123456777
$ strings testtablespaceABCD |grep -i Geert
The way to encrypt
• Tablespace level
Better performance
You can’t find all columns with sensitive data
Data type/data length not supported by column encryption
Sensitive column is foreign key
Index type is other than b-tree
Range scan search through an index
Migration Tablespace level
• Existing data must be moved to an encrypted tablespace.
• Can be done online or offline.
• Using Data Guard transient logical standby
Downtime < 5 Minutes is the best way.
RESTRICTIONS of TDE
• Only protects data stored on disk/media, not the data
in transit
• Decrease performance /Column only
• TDE can't be enabled on a SYS-owned table
• RMAN backups – not with image copies
Risk when using Transparent Data Encryption
LOSS OF AUTO-LOGIN WALLET
Deleted the file cwallet.sso (the auto-login wallet) at the OS level.
Result:
SQL> select * from emp; --> no problem reading the data, as expected, it’s just
the auto-login wallet.
- Shutdown, startup database: no problem with starting the database
- SQL> select * from emp; --> ORA-28365: wallet is not open.
- SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "<password>";
- SQL> select * from emp; --> works again.
LOSS OF WALLET WITH MASTER KEY.
Deleted the ewallet.p12 too.
Result:
SQL> select * from emp; --> No problem in reading the data, key is read from
the database (but when will I find out I’ve lost my wallet?).
- SQL> Shutdown, startup database: --> No problem to startup. No errors in
the alert file either.
- SQL> select * from emp; --> This gives ORA-28365: wallet is not open
ewallet.p12 is backed up by the OS backup.
The backup is done every day.
So a restore can be done.
cwallet.sso is backed up as well,
separately from ewallet.p12.
So a restore can be done.
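A check for the wallet directory from the install and risk slides, as an added example that is not part of the original deck: it reports a missing ewallet.p12 or cwallet.sso before the next restart does, verifies the chmod 600 setting, and compares ewallet.p12 with a copy. The function names, the output format and the optional copy directory are assumptions, and a Linux host is assumed.

```sh
#!/bin/sh
# Added example: health check for a file-based TDE wallet directory (Linux).
# Assumed, not from the slides: the function names, the FAIL/WARN output
# format, and the optional second directory holding a copy of ewallet.p12.

# Print "yes", "no" or "unknown" for the immutable attribute (chattr +i).
# "unknown" covers a missing lsattr or a filesystem without attribute support.
immutable_state() {
    attrs=$(lsattr -d "$1" 2>/dev/null) || { echo unknown; return 0; }
    case "${attrs%% *}" in
        *i*) echo yes ;;
        *)   echo no ;;
    esac
}

# check_wallet WALLET_DIR [COPY_DIR]
# Prints one finding per line; returns 0 when there is no FAIL line.
check_wallet() {
    dir=$1
    copy=${2:-}
    fails=0
    for f in ewallet.p12 cwallet.sso; do
        path="$dir/$f"
        # Queries keep working after a wallet file is deleted and the loss
        # only shows after the next restart, so test for presence directly.
        if [ ! -f "$path" ]; then
            echo "FAIL missing $f"
            fails=$((fails + 1))
            continue
        fi
        # chmod 600: readable and writable by the owner only.
        perms=$(ls -ld "$path" | cut -c1-10)
        if [ "$perms" != "-rw-------" ]; then
            echo "FAIL mode $f $perms"
            fails=$((fails + 1))
        fi
        # chattr +i guards against accidental deletion; report, do not fail.
        state=$(immutable_state "$path")
        if [ "$state" != "yes" ]; then
            echo "WARN immutable=$state $f"
        fi
    done
    # The password-protected wallet must match its copy (backup restore test
    # or standby site); a copy taken before a rekey lacks the new master key.
    if [ -n "$copy" ] && [ -f "$dir/ewallet.p12" ]; then
        if [ ! -f "$copy/ewallet.p12" ]; then
            echo "FAIL no-copy ewallet.p12"
            fails=$((fails + 1))
        elif ! cmp -s "$dir/ewallet.p12" "$copy/ewallet.p12"; then
            echo "FAIL stale-copy ewallet.p12"
            fails=$((fails + 1))
        fi
    fi
    [ "$fails" -eq 0 ]
}

# Run as a script: sh check_wallet.sh <wallet dir> [<copy dir>]
if [ "$#" -gt 0 ]; then
    check_wallet "$@"
fi
```

Scheduled from cron, a non-zero exit status gives the early warning that the database itself does not give while it is still running.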
Appendix A
Physical standby database
• Yes it works
• As long as the wallet is available on the standby site. After creating the wallet for the
primary database, redo apply on the standby stops immediately. You see the following in the
alert file of the standby database.
Apply redo for database master key re-key failed: new master key does not exist in the keystore
MRP0: Background Media Recovery terminated with error 28374
Errors in file /u01/app/oracle/diag/rdbms/test1_01/TEST1_1/trace/TEST1_1_pr00_8912.trc:
ORA-28374: typed master key not found in wallet
Mon May 09 16:32:17 2016
Managed Standby Recovery not using Real Time Apply
Recovery interrupted!
Solution: copy the wallet to the standby site.
Appendix B
Rekey Wallet
-- How do I change (rotate, re-key) the encryption keys?
. First copy the current wallet files to a backup directory
. Change the wallet password
$ orapki wallet change_pwd -wallet /u01/app/oracle/admin/TEST1_02/tde_wallet
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
New password:
. Now change the master key
SYS@TEST1_1 SQL> alter system set encryption key identified by "Secret";
System altered.
. Now copy the wallet files to the other nodes for RAC or to the candidate servers for RAC One Node.
. Now use orapki wallet display -wallet to validate the new password
$ orapki wallet display -wallet /u01/app/oracle/admin/ADBA1_02/tde_wallet
Oracle PKI Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
Subject: CN=oracle
User Certificates:
Oracle Secret Store entries:
ORACLE.SECURITY.DB.ENCRYPTION.ARdWiPlpNk//v21yGHOQSCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.ASI051MIg0+tv2umfj9rUiMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.ATWs+inFQ09Fv7JneP6xBrwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
ORACLE.SECURITY.TS.ENCRYPTION.BTks5HXDwpxFD/olKnblkckCAwAAAAAAAAAAAAAAAAAAAAAAAAAA
Trusted Certificates:
The red line is the new password for the wallet.
Physical standby database
After a rekey of the wallet for the primary database, redo apply on the standby stops immediately.
You see the following in the alert file of the standby database.
Apply redo for database master key re-key failed: new master key does not exist in the keystore
MRP0: Background Media Recovery terminated with error 28374
Errors in file /u01/app/oracle/diag/rdbms/test1_01/TEST1_1/trace/TEST1_1_pr00_8912.trc:
ORA-28374: typed master key not found in wallet
Mon May 09 16:32:17 2016
Managed Standby Recovery not using Real Time Apply
Recovery interrupted!
Solution: copy the wallet to the standby site.
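Detection logic for the standby failure shown in Appendix A and in the rekey case above, as an added example that is not part of the original deck. The message lines in the sample are the ones from the slides, the first timestamp line is constructed, and the function names and output format are assumptions.

```sh
#!/bin/sh
# Added example: find "master key missing on standby" incidents in an alert log.
# Assumed, not from the slides: function names and the output format
# timestamp|trace file|apply state. Reads the named file, or stdin if none.

standby_key_errors() {
    awk '
        # A timestamp line opens a new group of alert log messages.
        /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z][a-z] [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [0-9][0-9][0-9][0-9]$/ {
            ts = $0; trace = ""; mrp = 0
            next
        }
        # Managed recovery (MRP0) gave up with this error: redo apply is down.
        /^MRP0: Background Media Recovery terminated with error 28374/ {
            mrp = 1
            next
        }
        # Remember the trace file named just before the ORA- line.
        /^Errors in file / {
            trace = $0
            sub(/^Errors in file /, "", trace)
            sub(/:$/, "", trace)
            next
        }
        /^ORA-28374:/ {
            printf "%s|%s|%s\n",
                (ts == "" ? "unknown-time" : ts),
                (trace == "" ? "no-trace" : trace),
                (mrp ? "apply-stopped" : "apply-state-unknown")
        }
    ' "${1:--}"
}

# Exit status 0 when at least one incident is present (for cron or monitoring).
standby_apply_blocked() {
    [ -n "$(standby_key_errors "$@")" ]
}

# Sample input: message lines from the slides; the first timestamp is constructed.
sample_alert_log() {
    cat <<'EOF'
Mon May 09 16:32:16 2016
Apply redo for database master key re-key failed: new master key does not exist in the keystore
MRP0: Background Media Recovery terminated with error 28374
Errors in file /u01/app/oracle/diag/rdbms/test1_01/TEST1_1/trace/TEST1_1_pr00_8912.trc:
ORA-28374: typed master key not found in wallet
Mon May 09 16:32:17 2016
Managed Standby Recovery not using Real Time Apply
Recovery interrupted!
EOF
}

# Demo on the sample; prints one line per incident.
sample_alert_log | standby_key_errors
```

An "apply-stopped" incident means the standby wallet has to be refreshed from the primary before redo apply is restarted.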
2525

More Related Content

What's hot

MySQL 8.0 Operational Changes
MySQL 8.0 Operational ChangesMySQL 8.0 Operational Changes
MySQL 8.0 Operational ChangesDave Stokes
 
IaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABIaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABStefan Oehrli
 
MySQL Replication Update - DEbconf 2020 presentation
MySQL Replication Update - DEbconf 2020 presentationMySQL Replication Update - DEbconf 2020 presentation
MySQL Replication Update - DEbconf 2020 presentationDave Stokes
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
 
Indexes From the Concept to Internals
Indexes From the Concept to InternalsIndexes From the Concept to Internals
Indexes From the Concept to InternalsDeiby Gómez
 
Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Performance Tuning Corporation
 
Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my! Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my! Dave Stokes
 
MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015Dave Stokes
 
Ohio Linux Fest -- MySQL's NoSQL
Ohio Linux Fest -- MySQL's NoSQLOhio Linux Fest -- MySQL's NoSQL
Ohio Linux Fest -- MySQL's NoSQLDave Stokes
 
JavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScript
JavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScriptJavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScript
JavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScriptDave Stokes
 
MySQL's NoSQL -- Texas Linuxfest August 22nd 2015
MySQL's NoSQL  -- Texas Linuxfest August 22nd 2015MySQL's NoSQL  -- Texas Linuxfest August 22nd 2015
MySQL's NoSQL -- Texas Linuxfest August 22nd 2015Dave Stokes
 
MythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionMythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionChristian Gohmann
 
Oracle11g suse11 ilker bakir
Oracle11g suse11 ilker bakirOracle11g suse11 ilker bakir
Oracle11g suse11 ilker bakirilkerb
 
PNWPHP -- What are Databases so &#%-ing Difficult
PNWPHP -- What are Databases so &#%-ing DifficultPNWPHP -- What are Databases so &#%-ing Difficult
PNWPHP -- What are Databases so &#%-ing DifficultDave Stokes
 
Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13viaForensics
 
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015Nelson Calero
 
MySQL Without the SQL -- Oh My! Longhorn PHP Conference
MySQL Without the SQL -- Oh My!  Longhorn PHP ConferenceMySQL Without the SQL -- Oh My!  Longhorn PHP Conference
MySQL Without the SQL -- Oh My! Longhorn PHP ConferenceDave Stokes
 
Oracle 12cR2 RAC Database Software Installation and Create Database
Oracle 12cR2 RAC Database Software Installation and Create DatabaseOracle 12cR2 RAC Database Software Installation and Create Database
Oracle 12cR2 RAC Database Software Installation and Create DatabaseMonowar Mukul
 

What's hot (20)

MySQL 8.0 Operational Changes
MySQL 8.0 Operational ChangesMySQL 8.0 Operational Changes
MySQL 8.0 Operational Changes
 
IaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABIaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LAB
 
MySQL Replication Update - DEbconf 2020 presentation
MySQL Replication Update - DEbconf 2020 presentationMySQL Replication Update - DEbconf 2020 presentation
MySQL Replication Update - DEbconf 2020 presentation
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
 
Indexes From the Concept to Internals
Indexes From the Concept to InternalsIndexes From the Concept to Internals
Indexes From the Concept to Internals
 
Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?
 
Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my! Datacon LA - MySQL without the SQL - Oh my!
Datacon LA - MySQL without the SQL - Oh my!
 
MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015
 
Ohio Linux Fest -- MySQL's NoSQL
Ohio Linux Fest -- MySQL's NoSQLOhio Linux Fest -- MySQL's NoSQL
Ohio Linux Fest -- MySQL's NoSQL
 
JavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScript
JavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScriptJavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScript
JavaScript and Friends August 20th, 20201 -- MySQL Shell and JavaScript
 
MySQL's NoSQL -- Texas Linuxfest August 22nd 2015
MySQL's NoSQL  -- Texas Linuxfest August 22nd 2015MySQL's NoSQL  -- Texas Linuxfest August 22nd 2015
MySQL's NoSQL -- Texas Linuxfest August 22nd 2015
 
MythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionMythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data Corruption
 
Oracle11g suse11 ilker bakir
Oracle11g suse11 ilker bakirOracle11g suse11 ilker bakir
Oracle11g suse11 ilker bakir
 
MySQL Shell for DBAs
MySQL Shell for DBAsMySQL Shell for DBAs
MySQL Shell for DBAs
 
PNWPHP -- What are Databases so &#%-ing Difficult
PNWPHP -- What are Databases so &#%-ing DifficultPNWPHP -- What are Databases so &#%-ing Difficult
PNWPHP -- What are Databases so &#%-ing Difficult
 
Postgre sql best_practices
Postgre sql best_practicesPostgre sql best_practices
Postgre sql best_practices
 
Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13Via forensics icloud-keychain_passwords_13
Via forensics icloud-keychain_passwords_13
 
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
Oracle Exadata Maintenance tasks 101 - OTN Tour 2015
 
MySQL Without the SQL -- Oh My! Longhorn PHP Conference
MySQL Without the SQL -- Oh My!  Longhorn PHP ConferenceMySQL Without the SQL -- Oh My!  Longhorn PHP Conference
MySQL Without the SQL -- Oh My! Longhorn PHP Conference
 
Oracle 12cR2 RAC Database Software Installation and Create Database
Oracle 12cR2 RAC Database Software Installation and Create DatabaseOracle 12cR2 RAC Database Software Installation and Create Database
Oracle 12cR2 RAC Database Software Installation and Create Database
 

Similar to Tde oracle customer_demo

SafePeak Configuration Guide
SafePeak Configuration GuideSafePeak Configuration Guide
SafePeak Configuration GuideVladi Vexler
 
DOAG Oracle Database Vault
DOAG Oracle Database VaultDOAG Oracle Database Vault
DOAG Oracle Database VaultStefan Oehrli
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera SoftwareOWASP
 
Oracle Golden Gate Interview Questions
Oracle Golden Gate Interview QuestionsOracle Golden Gate Interview Questions
Oracle Golden Gate Interview QuestionsArun Sharma
 
Advanced administration and problem determination
Advanced administration and problem determinationAdvanced administration and problem determination
Advanced administration and problem determinationsolarisyougood
 
Uploading certificate with oracle wallet manager and orapki utilities
Uploading certificate with oracle wallet manager and orapki utilitiesUploading certificate with oracle wallet manager and orapki utilities
Uploading certificate with oracle wallet manager and orapki utilitiesÖzgür Umut Vurgun
 
WP VERITAS InfoScale Storage and Dockers Intro - v8
WP VERITAS InfoScale Storage and Dockers Intro - v8WP VERITAS InfoScale Storage and Dockers Intro - v8
WP VERITAS InfoScale Storage and Dockers Intro - v8Rajagopal Vaideeswaran
 
Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Wim Godden
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
 
11thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp0111thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp01Karam Abuataya
 
11 Things About11g
11 Things About11g11 Things About11g
11 Things About11gfcamachob
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingDLT Solutions
 
Oracle Database Backup
Oracle Database BackupOracle Database Backup
Oracle Database BackupHandy_Backup
 
Database security best_practices
Database security best_practicesDatabase security best_practices
Database security best_practicesTarik Essawi
 
Ibm aix technical deep dive workshop advanced administration and problem dete...
Ibm aix technical deep dive workshop advanced administration and problem dete...Ibm aix technical deep dive workshop advanced administration and problem dete...
Ibm aix technical deep dive workshop advanced administration and problem dete...solarisyougood
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
Schema replication using oracle golden gate 12c
Schema replication using oracle golden gate 12cSchema replication using oracle golden gate 12c
Schema replication using oracle golden gate 12cuzzal basak
 
Nexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngNexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngDeborah Lindquist
 
Issuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultIssuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultOlinData
 

Similar to Tde oracle customer_demo (20)

SafePeak Configuration Guide
SafePeak Configuration GuideSafePeak Configuration Guide
SafePeak Configuration Guide
 
DAC
DACDAC
DAC
 
DOAG Oracle Database Vault
DOAG Oracle Database VaultDOAG Oracle Database Vault
DOAG Oracle Database Vault
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software
 
Oracle Golden Gate Interview Questions
Oracle Golden Gate Interview QuestionsOracle Golden Gate Interview Questions
Oracle Golden Gate Interview Questions
 
Advanced administration and problem determination
Advanced administration and problem determinationAdvanced administration and problem determination
Advanced administration and problem determination
 
Uploading certificate with oracle wallet manager and orapki utilities
Uploading certificate with oracle wallet manager and orapki utilitiesUploading certificate with oracle wallet manager and orapki utilities
Uploading certificate with oracle wallet manager and orapki utilities
 
WP VERITAS InfoScale Storage and Dockers Intro - v8
WP VERITAS InfoScale Storage and Dockers Intro - v8WP VERITAS InfoScale Storage and Dockers Intro - v8
WP VERITAS InfoScale Storage and Dockers Intro - v8
 
Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
 
11thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp0111thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp01
 
11 Things About11g
11 Things About11g11 Things About11g
11 Things About11g
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
 
Oracle Database Backup
Oracle Database BackupOracle Database Backup
Oracle Database Backup
 
Database security best_practices
Database security best_practicesDatabase security best_practices
Database security best_practices
 
Ibm aix technical deep dive workshop advanced administration and problem dete...
Ibm aix technical deep dive workshop advanced administration and problem dete...Ibm aix technical deep dive workshop advanced administration and problem dete...
Ibm aix technical deep dive workshop advanced administration and problem dete...
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
Schema replication using oracle golden gate 12c
Schema replication using oracle golden gate 12cSchema replication using oracle golden gate 12c
Schema replication using oracle golden gate 12c
 
Nexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_EngNexsan_E-Series Encryption at Rest SED_US_Eng
Nexsan_E-Series Encryption at Rest SED_US_Eng
 
Issuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultIssuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vault
 

Recently uploaded

AMBER GRAIN EMBROIDERY | Growing folklore elements | Root-based materials, w...
AMBER GRAIN EMBROIDERY | Growing folklore elements |  Root-based materials, w...AMBER GRAIN EMBROIDERY | Growing folklore elements |  Root-based materials, w...
AMBER GRAIN EMBROIDERY | Growing folklore elements | Root-based materials, w...BarusRa
 
Top Rated Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated  Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...Top Rated  Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...Call Girls in Nagpur High Profile
 
Cosumer Willingness to Pay for Sustainable Bricks
Cosumer Willingness to Pay for Sustainable BricksCosumer Willingness to Pay for Sustainable Bricks
Cosumer Willingness to Pay for Sustainable Bricksabhishekparmar618
 
VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130
VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130
VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130Suhani Kapoor
 
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779Delhi Call girls
 
Cheap Rate ➥8448380779 ▻Call Girls In Huda City Centre Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Huda City Centre GurgaonCheap Rate ➥8448380779 ▻Call Girls In Huda City Centre Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Huda City Centre GurgaonDelhi Call girls
 
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...Suhani Kapoor
 
Chapter 19_DDA_TOD Policy_First Draft 2012.pdf
Chapter 19_DDA_TOD Policy_First Draft 2012.pdfChapter 19_DDA_TOD Policy_First Draft 2012.pdf
Chapter 19_DDA_TOD Policy_First Draft 2012.pdfParomita Roy
 
WAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsWAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsCharles Obaleagbon
 
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service  🧵CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service  🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵anilsa9823
 
Cheap Rate Call girls Kalkaji 9205541914 shot 1500 night
Cheap Rate Call girls Kalkaji 9205541914 shot 1500 nightCheap Rate Call girls Kalkaji 9205541914 shot 1500 night
Cheap Rate Call girls Kalkaji 9205541914 shot 1500 nightDelhi Call girls
 
Peaches App development presentation deck
Peaches App development presentation deckPeaches App development presentation deck
Peaches App development presentation decktbatkhuu1
 
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...babafaisel
 
Kindergarten Assessment Questions Via LessonUp
Kindergarten Assessment Questions Via LessonUpKindergarten Assessment Questions Via LessonUp
Kindergarten Assessment Questions Via LessonUpmainac1
 
CBD Belapur Individual Call Girls In 08976425520 Panvel Only Genuine Call Girls
CBD Belapur Individual Call Girls In 08976425520 Panvel Only Genuine Call GirlsCBD Belapur Individual Call Girls In 08976425520 Panvel Only Genuine Call Girls
CBD Belapur Individual Call Girls In 08976425520 Panvel Only Genuine Call Girlsmodelanjalisharma4
 
Night 7k to 12k Call Girl Price Ahmedabad 👉 BOOK NOW 8617697112 👈 ♀️ night gi...
Night 7k to 12k Call Girl Price Ahmedabad 👉 BOOK NOW 8617697112 👈 ♀️ night gi...Night 7k to 12k Call Girl Price Ahmedabad 👉 BOOK NOW 8617697112 👈 ♀️ night gi...
Night 7k to 12k Call Girl Price Ahmedabad 👉 BOOK NOW 8617697112 👈 ♀️ night gi...Call girls in Ahmedabad High profile
 
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk GurgaonCheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk GurgaonDelhi Call girls
 
Call Girls in Kalkaji Delhi 8264348440 call girls ❤️
Call Girls in Kalkaji Delhi 8264348440 call girls ❤️Call Girls in Kalkaji Delhi 8264348440 call girls ❤️
Call Girls in Kalkaji Delhi 8264348440 call girls ❤️soniya singh
 
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdf
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdfThe_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdf
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdfAmirYakdi
 

Recently uploaded (20)

AMBER GRAIN EMBROIDERY | Growing folklore elements | Root-based materials, w...
AMBER GRAIN EMBROIDERY | Growing folklore elements |  Root-based materials, w...AMBER GRAIN EMBROIDERY | Growing folklore elements |  Root-based materials, w...
AMBER GRAIN EMBROIDERY | Growing folklore elements | Root-based materials, w...
 
Top Rated Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated  Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...Top Rated  Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Koregaon Park ⟟ 6297143586 ⟟ Call Me For Genuine S...
 
Cosumer Willingness to Pay for Sustainable Bricks
Cosumer Willingness to Pay for Sustainable BricksCosumer Willingness to Pay for Sustainable Bricks
Cosumer Willingness to Pay for Sustainable Bricks
 
VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130
VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130
VIP Call Girls Service Kukatpally Hyderabad Call +91-8250192130
 
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
 
Cheap Rate ➥8448380779 ▻Call Girls In Huda City Centre Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Huda City Centre GurgaonCheap Rate ➥8448380779 ▻Call Girls In Huda City Centre Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Huda City Centre Gurgaon
 
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
 
Chapter 19_DDA_TOD Policy_First Draft 2012.pdf
Chapter 19_DDA_TOD Policy_First Draft 2012.pdfChapter 19_DDA_TOD Policy_First Draft 2012.pdf
Chapter 19_DDA_TOD Policy_First Draft 2012.pdf
 
Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance  VVIP 🍎 SER...Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance  VVIP 🍎 SER...
Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
WAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsWAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past Questions
 
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service  🧵CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service  🧵

Tde oracle customer_demo

  • 1. 26-May-2016 TDE – Transparent data encryption Gino D’ Alfonso
  • 3. Transparent Data Encryption: What is it not? It’s not data masking.
  • 4. Transparent Data Encryption: What is it not? It’s not data redaction.
  • 6. Transparent Data Encryption: How to install TDE on a database.
      sqlnet.ora needs the following line:
        ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/$ORACLE_UNQNAME/tde_wallet)))
      Only the oracle user has access to the directory:
        chmod 600 ewallet.p12
      Avoid deleting the TDE wallet:
        chattr +i ewallet.p12
        chattr +i cwallet.sso
  • 7. Transparent Data Encryption: How to install TDE on a database. Auto-login versus local auto-login.
      Opening the wallet is a manual operation and must be performed to make the master encryption key available to the database.
        $ orapki wallet create -wallet <wallet location> -auto_login
      Creates the file cwallet.sso.
        $ orapki wallet create -wallet <wallet location> -auto_login_local
      A local auto-open wallet can be created, starting with Oracle Database 11.1.0.7; it does not open on any machine other than the one it was created on.
  • 8. Separation of duties: the wallet password is separate from the System or DBA password. No access to wallet.
  • 9. Transparent Data Encryption: HOW?
      The encryption is done at the operating system level, where data is stored.
        OWNER_EVL@TEST1_1 SQL> select * from SECURE_CUSTOMER_INFO;
        NAME                           ACCOUNT_NR
        ------------------------------ ----------
        Semira                          123456789
        Mehrdad                         223456789
        Geert                           323456789
        $ strings testelvd |grep -i Geert
        Geert
  • 10. Transparent Data Encryption: HOW?
      The encryption is done at the operating system level, where data is stored.
        OWNER_ABC@TEST1_1 SQL> select * from SECURE_CUSTOMER_INFO;
        NAME                           ACCOUNT_NR
        ------------------------------ ----------
        Semira                          123456789
        Mehrdad                         223456789
        Geert                           323456789
        NewCstmer                       123456777
        $ strings testtablespaceABCD |grep -i Geert
  • 11. Transparent Data Encryption: The way to encrypt. Tablespace level:
      - Better performance
      - You can’t find all columns with sensitive data
      - Data type/data length not supported by column encryption
      - Sensitive column is a foreign key
      - Index type is other than b-tree
      - Range scan search through an index
  • 12. Transparent Data Encryption: Migration, tablespace level.
      - Existing data must be moved to an encrypted tablespace.
      - Can be done online or offline.
      - Using a Data Guard transient logical standby (downtime < 5 minutes) is the best way.
  • 14. Transparent Data Encryption: RESTRICTIONS of TDE
      - Only protects data stored on disk/media, not the data in transit
      - Decreases performance / column only
      - TDE can't be enabled on a SYS-owned table
      - RMAN backups – not with image copies
  • 18. Risk when using Transparent Data Encryption: LOSS OF AUTO-LOGIN WALLET
      Deleted the file cwallet.sso (the auto-login wallet) at the OS level. Result:
      - SQL> select * from emp; --> no problem reading the data, as expected; it’s just the auto-login wallet.
      - Shutdown, startup database: no problem starting the database.
      - SQL> select * from emp; --> ORA-28365: wallet is not open.
      - SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "<password>";
      - SQL> select * from emp; --> works again.
  • 19. Risk when using Transparent Data Encryption: LOSS OF WALLET WITH MASTER KEY
      Deleted the ewallet.p12 too. Result:
      - SQL> select * from emp; --> no problem reading the data, the key is read from the database (but when will I find out I’ve lost my wallet?).
      - Shutdown, startup database: --> no problem starting up. No errors in the alert file either.
      - SQL> select * from emp; --> this gives ORA-28365: wallet is not open.
  • 20. Risk when using Transparent Data Encryption: LOSS OF WALLET WITH MASTER KEY
      - ewallet.p12 is backed up by the OS backup. The backup is done every day, so a restore can be done.
      - cwallet.sso is backed up separately from ewallet.p12, so a restore can be done.
  • 21. Appendix A: Physical standby database
      - Yes, it works
      - As long as the wallet is available on the standby site.
      After creating the wallet for the primary database, redo apply on the standby stops immediately. You see the following in the alert file of the standby database:
        Apply redo for database master key re-key failed: new master key does not exist in the keystore
        MRP0: Background Media Recovery terminated with error 28374
        Errors in file /u01/app/oracle/diag/rdbms/test1_01/TEST1_1/trace/TEST1_1_pr00_8912.trc:
        ORA-28374: typed master key not found in wallet
        Mon May 09 16:32:17 2016
        Managed Standby Recovery not using Real Time Apply
        Recovery interrupted!
      Solution: copy wallet to standby site’s
  • 22. Appendix B: Rekey Wallet -- How do I change (rotate, re-key) the encryption keys?
      1. First copy the current wallet files to a backup directory.
      2. Change the wallet password:
        $ orapki wallet change_pwd -wallet /u01/app/oracle/admin/TEST1_02/tde_wallet
        Oracle PKI Tool : Version 11.2.0.4.0 - Production
        Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
        Enter wallet password:
        New password:
      3. Now change the master key:
        SYS@TEST1_1 SQL> alter system set encryption key identified by "Secret";
        System altered.
      4. Now copy the wallet files to the other nodes for RAC, or to the candidate servers for RAC One.
  • 23. Appendix B: Rekey Wallet -- How do I change (rotate, re-key) the encryption keys?
      Now use orapki wallet display -wallet to validate the new password:
        $ orapki wallet display -wallet /u01/app/oracle/admin/ADBA1_02/tde_wallet
        Oracle PKI Tool : Version 11.2.0.4.0 - Production
        Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
        Requested Certificates:
        Subject: CN=oracle
        User Certificates:
        Oracle Secret Store entries:
        ORACLE.SECURITY.DB.ENCRYPTION.ARdWiPlpNk//v21yGHOQSCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        ORACLE.SECURITY.DB.ENCRYPTION.ASI051MIg0+tv2umfj9rUiMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        ORACLE.SECURITY.DB.ENCRYPTION.ATWs+inFQ09Fv7JneP6xBrwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
        ORACLE.SECURITY.TS.ENCRYPTION.BTks5HXDwpxFD/olKnblkckCAwAAAAAAAAAAAAAAAAAAAAAAAAAA
        Trusted Certificates:
      The red line is the new password for the wallet.
  • 24. Appendix B: Rekey Wallet -- How do I change (rotate, re-key) the encryption keys? Physical standby database
      After rekeying the wallet for the primary database, redo apply on the standby stops immediately. You see the following in the alert file of the standby database:
        Apply redo for database master key re-key failed: new master key does not exist in the keystore
        MRP0: Background Media Recovery terminated with error 28374
        Errors in file /u01/app/oracle/diag/rdbms/test1_01/TEST1_1/trace/TEST1_1_pr00_8912.trc:
        ORA-28374: typed master key not found in wallet
        Mon May 09 16:32:17 2016
        Managed Standby Recovery not using Real Time Apply
        Recovery interrupted!
      Solution: copy wallet to standby site’s
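
Slides 18 to 20 show that a deleted wallet goes unnoticed until the next restart, and slides 21 and 24 show redo apply stopping when the standby wallet lacks the new master key. The script below is an added example, not part of the original presentation, that checks for both conditions; the function names are hypothetical, and it assumes the standby's wallet copy is reachable as a local directory. The file names and the 600 mode come from the slides.

```shell
#!/bin/sh
# Added example: audit a TDE wallet directory for the risks on slides 18-21 and 24.
# Function names are hypothetical; this is not Oracle tooling.

WALLET_FILES="ewallet.p12 cwallet.sso"   # file names as used on the slides

# file_mode FILE: print octal permission bits (GNU stat first, BSD stat as fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_wallet DIR: print one finding per line; return 0 only when there are none
check_wallet() {
    cw_findings=0
    for cw_f in $WALLET_FILES; do
        cw_path="$1/$cw_f"
        if [ ! -f "$cw_path" ]; then
            echo "MISSING $cw_f"
            cw_findings=$((cw_findings + 1))
            continue
        fi
        if [ ! -s "$cw_path" ]; then
            echo "EMPTY $cw_f"
            cw_findings=$((cw_findings + 1))
        fi
        cw_mode=$(file_mode "$cw_path")
        if [ "$cw_mode" != "600" ]; then
            echo "MODE $cw_f $cw_mode (expected 600)"
            cw_findings=$((cw_findings + 1))
        fi
    done
    [ "$cw_findings" -eq 0 ]
}

# wallet_fingerprint DIR: print a checksum of ewallet.p12 (drift detection only;
# cksum is a CRC and is not tamper evidence)
wallet_fingerprint() {
    [ -f "$1/ewallet.p12" ] || return 2
    cksum < "$1/ewallet.p12"
}

# same_wallet PRIMARY_DIR STANDBY_DIR: 0 = identical, 1 = differs, 2 = a copy is missing
same_wallet() {
    sw_a=$(wallet_fingerprint "$1") || return 2
    sw_b=$(wallet_fingerprint "$2") || return 2
    [ "$sw_a" = "$sw_b" ]
}
```

Run on a schedule, a non-zero result from check_wallet answers the slide's question "when will I find out I’ve lost my wallet?" before the next database restart does, and a non-zero result from same_wallet after a rekey flags a standby that still needs the wallet copied over.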