Oracle Transparent Data Encryption

Transparent Data Encryption

Database-level encryption of the columns of a table.

Normally used to protect confidential data such as credit card information and Social Security numbers.

The encrypted data can be accessed only by authorized users, i.e. users with the privilege to access the table.

To enable:

SYS-SQL>alter system set encryption key identified by <password>;

The above command creates or re-creates the "wallet key", i.e. the master encryption key, in $ORACLE_BASE/ADMIN/<ORACLE_SID>/wallet

All encryption (on insert) and decryption (on select) is done at the database level; the user does not need to do anything.

Once created, the wallet is opened automatically. It is closed on database shutdown, and then has to be opened manually with the following command:

SYS-SQL>alter system set encryption wallet open identified by <password>;

The sqlnet.ora file points to the location of the master key through the ENCRYPTION_WALLET_LOCATION parameter.

To encrypt the columns of a table:

ALTER TABLE <TABLE_NAME> MODIFY (<COLUMN_NAME> ENCRYPT);

To decrypt the columns of a table:

ALTER TABLE <TABLE_NAME> MODIFY (<COLUMN_NAME> DECRYPT);

Note: Take a backup of the wallet key, because the key used for encryption is also required for decryption.
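
The steps above as one verification pass (an added example, not part of the original note). The DEMO_CUSTOMERS table, its columns and the sample row are constructed for illustration. It assumes the master key already exists, a DBA account for the dictionary views, and an application schema (not SYS) to own the table.

```sql
-- 1. Confirm where the wallet lives (taken from ENCRYPTION_WALLET_LOCATION
--    in sqlnet.ora) and that it is open. STATUS must be OPEN before an
--    encrypted column can be created, written or read.
SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;

-- 2. Constructed demo table, created in an application schema.
--    Columns of SYS-owned tables cannot be encrypted.
CREATE TABLE demo_customers (
  customer_id  NUMBER PRIMARY KEY,
  full_name    VARCHAR2(100),
  card_number  VARCHAR2(19)
);

-- 3. Encrypt the sensitive column, naming the algorithm explicitly
--    rather than relying on the default.
ALTER TABLE demo_customers MODIFY (card_number ENCRYPT USING 'AES256');

-- 4. Verify from the data dictionary that the column is really encrypted.
SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns
WHERE  table_name = 'DEMO_CUSTOMERS';

-- 5. Application SQL is unchanged: encryption happens on insert,
--    decryption on select. The card number is a constructed test value.
INSERT INTO demo_customers VALUES (1, 'Test User', '4111111111111111');
COMMIT;

SELECT card_number FROM demo_customers WHERE customer_id = 1;
-- After a database restart this query fails with
-- "ORA-28365: wallet is not open" until the wallet is opened again with
-- ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY <password>;

-- 6. Audit: columns whose names suggest card or SSN data but which are
--    not encrypted. The name patterns are assumptions; adapt them to
--    your own naming conventions.
SELECT c.owner, c.table_name, c.column_name
FROM   dba_tab_columns c
WHERE  (c.column_name LIKE '%CARD%' OR c.column_name LIKE '%SSN%')
AND    NOT EXISTS (
         SELECT 1
         FROM   dba_encrypted_columns e
         WHERE  e.owner       = c.owner
         AND    e.table_name  = c.table_name
         AND    e.column_name = c.column_name
       );
```

Any user with SELECT privilege on the table still sees plaintext in step 5; the encryption protects the column values stored in data files and backups, so access control on the table remains a separate task.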