Oracle Data Pump与加密

高级安全指南里说的比较少，所以看了以下2个白皮书：

• Oracle Data Pump Encrypted Columns Support 10g
• Oracle Data Pump Encrypted Dump File Support 11g
• Protect your data with Encrypted Data Pump Jobs

TDE只保证数据库内数据的加密，出库即解密。

所以出库后的加密，需要依赖于RMAN或Data Pump。此时才会有password，wallet和dual mode的概念。

两个有用的例子。

外部表dump文件，加密整个文件：

CREATE TABLE XDEPT (
deptno,
dname,
loc)
ORGANIZATION EXTERNAL
(
TYPE ORACLE_DATAPUMP
DEFAULT DIRECTORY DATA_PUMP_DIR
ACCESS PARAMETERS (ENCRYPTION ENABLED)
LOCATION ('xdept.dmp')
)
REJECT LIMIT UNLIMITED
AS SELECT * FROM DEPT;

ERROR at line 1:
ORA-29913: error in executing ODCIEXTTABLEPOPULATE callout
ORA-39188: unable to encrypt dump file set
ORA-28365: wallet is not open

外部表dump文件，加密某列：

CREATE TABLE XEMP (
empid,
empname,
salary ENCRYPT IDENTIFIED BY "column_pwd")
ORGANIZATION EXTERNAL
(
TYPE ORACLE_DATAPUMP
LOCATION ('xemp.dmp')
)
REJECT LIMIT UNLIMITED
AS SELECT empno, ename, sal FROM EMP;

ERROR at line 11:
ORA-28365: wallet is not open