Databases Reference
In-Depth Information
Originally, the encryption mode is not enabled (
A
). You must enable the encryption
for the database by setting the
ENCRYPTION
FOR
DATABASE
parameter to
ON
(
B
). Optionally, you can set an encryption algorithm, which by default uses
AES128. A complete list of all supported encryption algorithms can be found in the
V$RMAN_ENCRYPTION_ALGORITHMS
dynamic view.
Algorithm Name
Algorithm Description
AES128
AES 128-bit key
AES192
AES 192-bit key
AES256
AES 256-bit key
Advanced
Encryption
Standard
(
AES
) is an encryption standard adopted by the
U.S. government. AES comprises three block ciphers, AES-128, AES-192 and
AES-256. Each cipher has a 128-bit block size with key sizes of 128, 192 and 256 bits
respectively. AES requires less memory than its predecessor DES and performs fast
on both hardware and software.
The longer the key, the more time it takes to process data, and the harder it is
to attack it. The encryption algorithm you choose depends on your company's
security requirements.
Prior to starting the encrypted backup, you must open the wallet with the
wallet password (
C
). To do this from the
RMAN
prompt, issue the command to
open the wallet.
SQL 'ALTER SYSTEM SET ENCRYPTION WALLET OPEN
IDENTIFIED BY "WalletPassword" ';
Opening the wallet can be done once the Oracle instance has opened the database.
This operation is required for
Transparent
Data
Encryption
(
TDE
) to work. It is
not recommended to write this command to a script as this would expose the wallet
password. Once set, just issue a regular backup command, this procedure will create
a transparent mode encrypted backup (
D
).
Search WWH ::
Custom Search