DARE Steps

Step 1: Set the Software Keystore Location in the sqlnet.ora File

Create directory e.g. /u02/oradata/wallets/

Change in sqlnet.ora


ENCRYPTION_WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=/u02/oradata/wallets/)))

Step 2: Create the Software Keystore
Login as SYS and run following command:

ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u02/oradata/wallets/' IDENTIFIED BY DARE4Oracle;
Verify:
select STATUS from V$ENCRYPTION_WALLET; --> CLOSED

Step 3: Open the Software Keystore

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY DARE4Oracle;

Verify:
select STATUS from V$ENCRYPTION_WALLET; --> OPEN_NO_MASTER_KEY

Step 4: Set the Software TDE Master Encryption Key

Make sure that database is open
select open_mode from v$database; --> READ WRITE


ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY DARE4Oracle WITH BACKUP USING 'emp_key_backup';
Verify:
select STATUS from V$ENCRYPTION_WALLET; --> OPEN

Step 5: Encrypt Your Data

Compatible parameter must be 11.2.0.0 or higher.

SHOW PARAMETER COMPATIBLE --> 12.1.0.2.0

You can create a new tablespace and encryption it. However, you cannot encrypt an existing tablespace.

Create Tablespace
CREATE TABLESPACE ECMDATA
ENCRYPTION
DEFAULT STORAGE(ENCRYPT);

Verify:
SELECT * FROM V$ENCRYPTED_TABLESPACES; --> AES128

Join The Discussion

Your email address will not be published. Required fields are marked *