To configure TDE in the Oracle 12c multitenant architecture, we need to execute a few steps before we can, for example, create encrypted tablespaces.
1) Adjust the sqlnet.ora file to point to your wallet path
[oracle@db1 admin]$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=/u01/app/oracle/CDB1)
)
)
2) Create the folder on the OS side
[oracle@db1 admin]$ mkdir -p /u01/app/oracle/CDB1
3) Log into the database using the SYSKM role, then create the keystore and the auto-login keystore
[oracle@db1 admin]$ sqlplus / as syskm
SQL*Plus: Release 12.1.0.2.0 Production on Tue Jul 30 13:42:13 2019
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> administer key management create keystore '/u01/app/oracle/CDB1' identified by oracle;
keystore altered.
SQL> ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE '/u01/app/oracle/CDB1' IDENTIFIED BY oracle;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
------------ --------------------------------- ---------------------- -------------- ----------------------- -----------
FILE /u01/app/oracle/CDB1/ OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNDEFINED 0
4) Bounce the database to check that the AUTO_LOGIN keystore is working correctly
SQL> connect / as sysdba
Connected.
SQL> shut immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 1660944384 bytes
Fixed Size 2925072 bytes
Variable Size 1040190960 bytes
Database Buffers 603979776 bytes
Redo Buffers 13848576 bytes
Database mounted.
Database opened.
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
------------ --------------------------------- ---------------------- -------------- ----------------------- -----------
FILE /u01/app/oracle/CDB1/ OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNDEFINED 0
Note: The first time, you need to set the master key to clear this status (OPEN_NO_MASTER_KEY) and avoid errors about the key not being opened properly.
SQL> alter pluggable database all open;
Pluggable database altered.
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PDB2 READ WRITE NO
4 PD3 READ WRITE NO
5) Let's set up the master key in the keystore
SQL> conn / as sysdba
Connected.
SQL> grant dba,syskm to C##dba identified by oracle container=ALL;
Grant succeeded.
SQL> administer key management set keystore close container=all;
keystore altered.
SQL> administer key management set keystore open identified by oracle container=all;
keystore altered.
6) On the pluggable database, connected as the common user C##DBA, let's set the key for all PDBs.
SQL> conn c##dba/oracle@db1:1521/PD3 as syskm;
Connected.
SQL>
SQL> conn / as sysdba
Connected.
SQL> administer key management set key identified by oracle with backup using 'OMK' container=ALL;
keystore altered.
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
------------ --------------------------------- ---------------------- -------------- ----------------------- -----------
FILE /u01/app/oracle/CDB1/ OPEN PASSWORD SINGLE NO 0
As you can see above, the status is now OPEN (by password).
7) Connected to PD3 as the common user C##DBA, we can now create our tablespace
SQL> conn c##dba/oracle@db1:1521/PD3;
Connected.
SQL> create tablespace OCM_CRYP
  2  datafile '/u01/app/oracle/oradata/CDB1/8DE664DD797442E9E055000000000001/datafile/OCM.DBF'
  3  size 10m
  4  encryption using 'AES256'
  5  default storage(ENCRYPT);
Tablespace created.
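The keystore created in steps 1 to 3 is only as well protected as the files in the directory named in sqlnet.ora. The script below is an added example, not part of the original post: it reads that directory from sqlnet.ora and reports loose file permissions and the presence of the auto-login keystore. The function names wallet_dir and check_wallet are hypothetical; ewallet.p12 and cwallet.sso are the file names Oracle uses for the password keystore and the auto-login keystore.

```bash
#!/usr/bin/env bash
# Added example: audit the TDE keystore directory that sqlnet.ora points to.

# Print the DIRECTORY of ENCRYPTION_WALLET_LOCATION from sqlnet.ora file $1.
# The entry may span several lines; paths containing spaces are not handled.
wallet_dir() {
  awk '!/^[ \t]*#/ { gsub(/[ \t\r]/, ""); buf = buf $0 }
       END {
         i = index(toupper(buf), "ENCRYPTION_WALLET_LOCATION="); if (!i) exit 1
         rest = substr(buf, i)
         j = index(toupper(rest), "DIRECTORY="); if (!j) exit 1
         rest = substr(rest, j + 10); sub(/\).*/, "", rest); print rest
       }' "$1"
}

# Print one line per finding for keystore directory $1; return 1 on any WARN.
check_wallet() {
  dir=$1; rc=0
  [ -d "$dir" ] || { echo "WARN: $dir does not exist"; return 1; }
  for f in "$dir" "$dir/ewallet.p12" "$dir/cwallet.sso"; do
    [ -e "$f" ] || continue
    # Characters 5-10 of the ls -l mode string are the group/other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
      echo "WARN: $f is accessible to group/other"; rc=1
    fi
  done
  [ -f "$dir/ewallet.p12" ] || { echo "WARN: no ewallet.p12 in $dir"; rc=1; }
  # cwallet.sso opens the keystore without its password, so it needs the
  # same file-level protection as the keys themselves.
  [ -f "$dir/cwallet.sso" ] && echo "NOTE: auto-login keystore cwallet.sso present"
  return $rc
}

# Demo on constructed temporary files (not a real Oracle installation).
demo() {
  tmp=$(mktemp -d); mkdir -m 755 "$tmp/CDB1"
  printf 'ENCRYPTION_WALLET_LOCATION=\n(SOURCE=\n(METHOD=FILE)\n(METHOD_DATA=\n(DIRECTORY=%s)\n)\n)\n' \
    "$tmp/CDB1" > "$tmp/sqlnet.ora"
  touch "$tmp/CDB1/ewallet.p12" "$tmp/CDB1/cwallet.sso"
  check_wallet "$(wallet_dir "$tmp/sqlnet.ora")" || echo "findings need attention"
  rm -rf "$tmp"
}
demo
```

On a database host, pass the real sqlnet.ora (normally under $ORACLE_HOME/network/admin or $TNS_ADMIN) to wallet_dir and run check_wallet on the result as the oracle OS user.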
4 Comments
José
André Luiz Dutra Ontalba, excellent article.