Oracle数据安全解决方案-透明数据加密TDE

select file_name,tablespace_name from dba_data_files;




create temporary tablespace wal_temp99
tempfile 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\wal_temp99.dbf' 
size 100m  
autoextend on  
next 100m maxsize 20480m  
extent management local;  
 
/*第2步：创建数据表空间  */
create tablespace wal_data99 
logging  
datafile 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\wal_data99.dbf' 
size 100m  
autoextend on  
next 100m maxsize 20480m  
extent management local;  
 
/*第3步：创建用户并指定表空间  */
create user wal_admin99 identified by wal_admin99  --创建用户和密码
default tablespace wal_data99  
temporary tablespace wal_temp99;  
 
/*第4步：给用户授予权限  要给dba权限*/
grant create session, create any table, create any view ,create any index, 
create any procedure,alter any table, alter any procedure,drop any table, 
drop any view, drop any index, drop any procedure,select any table, create any trigger,create table,
insert any table, update any table, delete any table ,unlimited tablespace,connect,resource,dba to wal_admin99;


/* 1.创建一个新目录，并指定为Wallet目录*/


D:\oracle\product\10.2.0\admin\ora10\ora_wallet


/* 2.设置wallet目录，在参数文件sqlnet.ora中（window+f,在你安装盘区查找sqlnet.ora），按照下面的格式加入信息：*/


ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)


(METHOD_DATA=(DIRECTORY=D:\oracle\product\10.2.0\admin\ora10\ora_wallet)))


/* 3.创建master key文件，指定wallet密码，使用SYS用户登入系统，建立加密文件*/
alter system set encryption key authenticated by "zhaohy";  
/* 4.启动、关闭Wallet*/
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "zhaohy";
 alter system set wallet close identified by "zhaohy";   --关闭
 /*5.源库wallet处于open状态下进行导出*/
 select * from v$encryption_wallet;
 /*6.新用户下创建表，info为加密列*/
 create table tde_private(  


   id number(10) primary key,  


    info varchar2(50) encrypt using 'AES192'  


   ); 
 /*7.插入数据*/   
insert into tde_private values (1, 'This is private info');  
 /*8.wallet关闭时    select id from tde_private; 可以执行    select * from tde_private; 提示“wallet is not open”*/