模拟wallet加密文件恢复(tde)

环境:
OS:Centos 7
DB:11.2.0.4

1.备份加密文件
拷贝到另外的目录或是重命名
[oracle@ora11g wallet]$ mv ewallet.p12 bak_ewallet.p12

2.这个时候尝试关闭或是打开
SQL> alter system set wallet close identified by "123456";

System altered.

SQL> alter system set wallet open identified by "123456";
alter system set wallet open identified by "123456"
*
ERROR at line 1:
ORA-28367: wallet does not exist

3.重建wallet
SQL> alter system set encryption key authenticated by "789000";
alter system set encryption key authenticated by "789000"
*
ERROR at line 1:
ORA-28362: master key not found

这个时候会生成ewallet.p12文件
[oracle@ora11g wallet]$ ls -al
total 8
drwxr-xr-x 2 oracle oinstall 48 Oct 23 07:33 .
drwxr-xr-x. 10 oracle oinstall 139 Oct 23 07:19 ..
-rw-r--r-- 1 oracle oinstall 2845 Oct 23 07:21 bak_ewallet.p12
-rw-r--r-- 1 oracle oinstall 2581 Oct 23 07:33 ewallet.p12

4.尝试使用新的wallet
SQL> alter system set wallet close identified by "789000";

System altered.

SQL> alter system set wallet open identified by "789000";

查看旧的wallet创建的表
SQL> select * from hxl.en_test;
select * from hxl.en_test
*
ERROR at line 1:
ORA-28362: master key not found

这个时候是无法访问了的.

5.恢复
5.1 关闭新的wallet
SQL> alter system set wallet close identified by "789000";

System altered.

5.2 恢复备份的wallet
[oracle@ora11g wallet]$ mv bak_ewallet.p12 ewallet.p12

5.3 使用旧的wallet打开
SQL> alter system set wallet open identified by "123456";

System altered.

这样就可以查看旧wallet加密的表数据了
SQL> select * from hxl.en_test;

ID NAME SALARY
---------- -------------------- ----------
1 hwb 50000

5.4 查看MASTERKEY是否一致

[oracle@ora11g wallet]$ mkstore -wrl /u01/app/oracle/wallet -viewEntry ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:         

ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY = AY9BaFi0qU9Bvys187OmwCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

SQL> select  utl_raw.cast_to_varchar2( utl_encode.base64_encode('01'||substr(mkeyid,1,4))) || utl_raw.cast_to_varchar2( utl_encode.base64_encode(substr(mkeyid,5,length(mkeyid)))) masterkeyid_base64  FROM (select RAWTOHEX(mkid) mkeyid from x$kcbdbk);

MASTERKEYID_BASE64
--------------------------------------------------------------------------------
AY9BaFi0qU9Bvys187OmwCw=

6.可以继续创建密码表空间
CREATE TABLESPACE tps_sec01
DATAFILE '/u01/app/oracle/oradata/ora11g/tps_sec01_01.dbf'
SIZE 100M
ENCRYPTION
DEFAULT STORAGE (ENCRYPT);

或是创建加密的表
connect hxl/oracle
create table hxl.en_test01 (id int,name varchar(20),salary number(10,2) encrypt using 'AES256');
insert into hxl.en_test01 values(1,'hwb',50000.00);
insert into hxl.en_test01 values(2,'hwb2',30000.00);
commit;

本栏目推荐文章
• C++实现文件内查找字符串
• IDEA项目名称后面出现中括号，模块Modules的名子和文件夹名称不同，可以右键修改名称也可以在File->Project Structure 修改Modules的Name(快捷键ctrl+Shift+Alt+s)
• 和利时MACS6通过dat文件实现任意时间范围与测点的历史数据提取与科研分析
• 类模板分文件编写
• Linux文件IO之二 [补档-2023-07-21]
• Linux文件IO之一 [补偿-2023-07-21]
• 十行python代码实现文件去重，去除重复文件的脚本
• vim编辑器实现左边目录右边是文件内容
• MakeFile文件的使用 [补档-2023-07-13]
• C语言文件操作函数

文件 wallet tde文件wallet tde wallet tde wallet 28365 open ora ethereum wallet all one wallet turn how off 题解digital wallet 1866d 数据库 数据tde oracle tde 数据 数据库tde