제목 : TDE 테스트
테스트 환경
DB 버전 : Oracle 12c EE(12.2.0.1)
OS 버전 : Oracle Linux Server release 7.6
시나리오 요약
1. TDE 환경 구축
2. 테스트용 유저, 테이블스페이스, 테이블 생성
3. TDE 자동 로그인 설정
4. 확인
시나리오 상세 및 테스트 로그
1. TDE 환경 구축
1) 디렉토리 생성
$ cd /u01/app/oracle/product/12.2.0
$ mkdir WALLET
2) sqlnet.ora 편집
[oracle@datasvc-db admin]$ cat sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/12.2.0/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
ENCRYPTION_WALLET_LOCATION =
(SOURCE =(METHOD = FILE)(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/product/11.2.0/WALLET)))
#sqlnet.authentication_services=(none)
3) key store 생성
SQL> administer key management create keystore '/u01/app/oracle/product/11.2.0/WALLET/' identified by wallet#123;
keystore altered.
4) open key store
SQL> administer key management set keystore open identified by wallet#123;
keystore altered.
5) key 활성화
SQL> administer key management set key identified by wallet#123 with backup;
keystore altered.
6) 설정 확인
SQL> select con_id, key_id from v$encryption_keys;
CON_ID KEY_ID
---------- ------------------------------------------------------------------------------
0 AQPScKAD2U9Qv+bhIHGUBkkAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
7) key 확인
set lines 200
col wrl_parameter for a50
select * from v$encryption_wallet;
BAC CON_ID
-------------------- -------------------------------------------------- ------------------------------ -------------------- -------
FILE /u01/app/oracle/product/11.2.0/WALLET/ OPEN PASSWORD SINGLE NO 0
2. 테스트용 유저, 테이블스페이스, 테이블 생성
1) 암호화 테이블스페이스 생성
SQL> create tablespace tbs_tde_test datafile '/u01/oradata_12c/ORA12KO/tbs_tde_test_01.dbf' size 100M
2 encryption using 'AES256' default storage(ENCRYPT);
Tablespace created.
2) 유저 생성 / 권한 부여 / 디폴트 테이블스페이스 지정
SQL> create user tde_test identified by "tde_test123!";
User created.
SQL> grant dba to tde_test;
Grant succeeded.
SQL> alter user tde_test default tablespace tbs_tde_test;
User altered.
3) 테스트용 테이블 생성
SQL> conn tde_test/tde_test123!
Connected.
SQL> create table tb_tde_test (owner varchar2(128), table_name varchar(128) encrypt);
Table created.
SQL> insert into tb_tde_test
2 select owner, table_name from dba_tables;
2567 rows created.
SQL> commit;
Commit complete.
4) 테이블정보 확인
SQL> select owner, table_name, column_name, encryption_alg from dba_encrypted_columns
where table_name = 'TB_TDE_TEST'
OWNER TABLE_NAME COLUMN_NAME ENCRYPTION_ALG
------------------------------ ---------------------------------------- ---------------------------------------- ------------------
TDE_TEST TB_TDE_TEST TABLE_NAME AES 192 bits key
3. TDE 자동 로그인 설정
SQL> administer key management create auto_login keystore from keystore '/u01/app/oracle/product/11.2.0/WALLET/' identified by wallet#123;
keystore altered.
4. 재기동 후 확인
- 재기동
SQL> startup force;
- 확인
select * from tde_test.tb_tde_test;
OWNER TABLE_NAME
------------------------------ ----------------------------------------
... 중간 생략 ...
APEX_050000 WWV_MIG_FRM_MENUSMODULEROLES
APEX_050000 WWV_MIG_FRM_MENU
APEX_050000 WWV_MIG_FRM_MENU_MENUITEM
APEX_050000 WWV_MIG_FRM_MENUITEM_ROLE
2567 rows selected.
참고문서 :
https://dbaclass.com/article/transparent-data-encryption-tde-in-oracle-12c/
