Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Transparent Data Encryption
EdStevens schrieb:
> So, it sounds like I don't need a certificate to do this, but I do need
> to back out and start over. To do that, it seems that I should
>
> 1) decrypt the columns I have currently encrypted with my current key
> 2) get rid of the current wallet, located at
> ORACL_HOME\admin\<sid>\wallet (is this as simple as deleting the
> current wallet file? I don't find any sql syntax that looks like it
> would reverse the 'ALTER SYSTEM SET ENCRYPTION KEY....')
> 3) use Wallet Manager to create a new key and wallet
> 4) encrypt the designated columns.
>
> sanity check?
>
That should be ok, however i don't see a reason to restart the whole
thing - any empty wallet is as good as another one. Removing the
ewallet.p12 after all columns are decrypted shouldn't do any harm and
the wallet creation can be repeated many times, i haven't tested however
in case with certificates stored in it.
As i mentioned , personally i find orapki easier to use than OWM , at
least it don't require X running. ( you can consult the proper syntax at
http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14268/asoappf.htm#sthref915
). - in my test setup creation of an autologin wallet looks like:
orapki wallet create -wallet /opt/oracle/admin/ORA102/wallet/ewallet.p12
-auto_login -pwd ORACLE
By opening existing wallet in OWM you point (as opposite to orapki) not to wallet itself, only to the directory containing it ( you should simply ignore all complaints about non existing default directory ).
Best regards
Maxim Received on Wed May 03 2006 - 09:36:44 CDT