Oracle 11g加密备份

东方菇凉

Oracle的加密方式有三种：透明加密、密码加密、双模式加密。

默认情况下，Oracle会关闭加密功能：
RMAN> show all;关注更多可点击cuug新官网。
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default


sys@OCP> SELECT ALGORITHM_ID,ALGORITHM_NAME FROM V$RMAN_ENCRYPTION_ALGORITHMS;


ALGORITHM_ID ALGORITHM_NAME
------------ ----------------------------------------------------------------
          1 AES128
          2 AES192
          3 AES256

1、透明加密(恢复表空间tp1)
如果要配置透明加密，那在RMAN下用CONFIGURE命令，透明加密也叫钱包加密，它是RMAN的默认加密方法。
这种方法不需要设置密码，很适合在本地的备份与恢复，如果备份不需要传到其他的机器上，建议采用这样的加密方法。因为不需要密码，只需要配置加密/解密信任书，也就是Oracle Encryption Wallet

（1）设置透明加密，确保wallet是open的
RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;

new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored


RMAN> set encryption on;

executing command: SET encryption

（2)执行备份，报错。（注意：必须打开数据库钱包）

  RMAN> backup as compressed backupset tablespace tp1;

Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 02/17/2014 12:28:11
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open

（3）创建一个新目录，并指定为Wallet目录/u01/app/oracle/admin/ocp/wallet


[oracle@mydb ocp]$ mkdir -p /u01/app/oracle/admin/ocp/wallet

配置sqlnet.ora(可以不设置)
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ocp/wallet)
))


（4）进入SQLPLUS程序，打开钱包，创建wallet,包括设置密码、生成信任文件、并启动wallet。
先查视图V$ENCRYPTION_WALLET看钱包有没有打开
sys@OCP> col WRL_PARAMETER for a50
sys@OCP>  SELECT * FROM V$ENCRYPTION_WALLET;


WRL_TYPE            WRL_PARAMETER                                      STATUS
-------------------- -------------------------------------------------- ------------------
file                /u01/app/oracle/admin/ocp/wallet                  CLOSED


idle>  alter system set wallet open identified by "guoyJoe";


System altered.

（5）简单测试
  RMAN> backup as compressed backupset tablespace tp1;


Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:15
Finished backup at 17-FEB-14


Starting Control File and SPFILE Autobackup at 17-FEB-14
piece handle=/backup/c-2735927810-20140217-02 comment=NONE
Finished Control File and SPFILE Autobackup at 17-FEB-14


RMAN> shutdown immediate;


database closed
database dismounted
Oracle instance shut down


RMAN> startup mount;


connected to target database (not started)
Oracle instance started
database mounted

Total System Global Area    1006809088 bytes

Fixed Size                    2233520 bytes
Variable Size                478153552 bytes
Database Buffers            419430400 bytes
Redo Buffers                106991616 bytes

RMAN> restore tablespace tp1;


Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 02/17/2014 13:45:32
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

RMAN> sql 'alter system set wallet open identified by "guoyJoe"';

sql statement: alter system set wallet open identified by "guoyJoe"

RMAN> restore tablespace tp1;


Starting restore at 17-FEB-14
using channel ORA_DISK_1


channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
channel ORA_DISK_1: piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 17-FEB-14

RMAN> recover tablespace tp1;

Starting recover at 17-FEB-14
using channel ORA_DISK_1

starting media recovery
media recovery complete, elapsed time: 00:00:00
Finished recover at 17-FEB-14

RMAN> alter database open;

database opened