Oracle Transparent Data Encryption

Transparent Data Encryption

Database-level encryption of the columns of a table.
Normally used to protect confidential data such as credit card information or Social Security numbers.
The encrypted data can be accessed only by authorized users, i.e. users with the privilege to access
the table.

To enable:

SYS-SQL>alter system set encryption key identified by <password>;

The above command creates or re-creates the "wallet key", i.e. the master encryption key, in $ORACLE_BASE/ADMIN/<ORACLE_SID>/wallet

All of this encryption (on insert) and decryption (on select) is done at the database level; the user
does not need to do anything.

Once created, the wallet is opened automatically. It is closed on database shutdown and then has to be
opened manually with the following command:

SYS-SQL>alter system set encryption wallet open identified by <password>;
 
The sqlnet.ora file points to the location of the master key through the ENCRYPTION_WALLET_LOCATION parameter.
 
To encrypt the columns of a table
ALTER TABLE <TABLE_NAME> MODIFY (<COLUMN_NAME> ENCRYPT);
 
To decrypt the columns of a table
ALTER TABLE <TABLE_NAME> MODIFY (<COLUMN_NAME> DECRYPT);
 
Note: Take a backup of the wallet key, because the key used for encryption is required for decryption.
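
A worked run of the steps above, as an added example that is not part of the original post: it checks the wallet state, encrypts two columns, and confirms the result from the data dictionary. The table tde_demo_cards, its columns and the row values are hypothetical; V$ENCRYPTION_WALLET and DBA_ENCRYPTED_COLUMNS are standard Oracle views.

```sql
-- Added example. tde_demo_cards and its columns are hypothetical names.
-- Run in SQL*Plus as a user who can read the two views queried below.

-- 1. Confirm where the wallet lives and that its STATUS is OPEN.
--    WRL_PARAMETER should match ENCRYPTION_WALLET_LOCATION in sqlnet.ora.
SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;

-- 2. A table holding sensitive data, created unencrypted.
CREATE TABLE tde_demo_cards (
  id      NUMBER PRIMARY KEY,
  holder  VARCHAR2(60),
  card_no VARCHAR2(19),
  ssn     VARCHAR2(11)
);

-- Constructed sample row, not real data.
INSERT INTO tde_demo_cards
VALUES (1, 'Test Holder', '4111111111111111', '000-00-0000');
COMMIT;

-- 3. Encrypt the sensitive columns in place.
ALTER TABLE tde_demo_cards MODIFY (card_no ENCRYPT);
-- NO SALT is only needed when the encrypted column must be indexed.
ALTER TABLE tde_demo_cards MODIFY (ssn ENCRYPT NO SALT);

-- 4. Verify from the data dictionary which columns are encrypted,
--    with which algorithm, and whether a salt is applied.
SELECT table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns
WHERE  table_name = 'TDE_DEMO_CARDS';

-- 5. Reads stay transparent for users with SELECT on the table.
--    If the wallet is closed (for example after a restart), this
--    query fails with ORA-28365 until the wallet is opened again.
SELECT card_no, ssn FROM tde_demo_cards WHERE id = 1;

-- 6. Reverting a column to clear text also needs the wallet open.
ALTER TABLE tde_demo_cards MODIFY (card_no DECRYPT);

-- Clean up the demo table.
DROP TABLE tde_demo_cards PURGE;
```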