Re: Transparent Data Encryption

EdStevens schrieb:
> So, it sounds like I don't need a certificate to do this, but I do need
> to back out and start over. To do that, it seems that I should
>
> 1) decrypt the columns I have currently encrypted with my current key
> 2) get rid of the current wallet, located at
> ORACL_HOME\admin\<sid>\wallet (is this as simple as deleting the
> current wallet file? I don't find any sql syntax that looks like it
> would reverse the 'ALTER SYSTEM SET ENCRYPTION KEY....')
> 3) use Wallet Manager to create a new key and wallet
> 4) encrypt the designated columns.
>
> sanity check?
>

That should be ok, however i don't see a reason to restart the whole thing - any empty wallet is as good as another one. Removing the ewallet.p12 after all columns are decrypted shouldn't do any harm and the wallet creation can be repeated many times, i haven't tested however in case with certificates stored in it.
As i mentioned , personally i find orapki easier to use than OWM , at least it don't require X running. ( you can consult the proper syntax at http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14268/asoappf.htm#sthref915 ). - in my test setup creation of an autologin wallet looks like: orapki wallet create -wallet /opt/oracle/admin/ORA102/wallet/ewallet.p12   -auto_login -pwd ORACLE

By opening existing wallet in OWM you point (as opposite to orapki) not to wallet itself, only to the directory containing it ( you should simply ignore all complaints about non existing default directory ).

Best regards

Maxim Received on Wed May 03 2006 - 09:36:44 CDT