You can create the TDE Master Encryption Key in two ways.
The following statement creates and activates a master encryption key in a password-protected software keystore.
First Method: Create and Activate the Key
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY password WITH BACKUP;
If you want to create the TDE Master Encryption Key now but use it in the future, use the command below. It only creates the TDE Master Encryption Key and does not activate it.
Second Method: Only Create the Key. You have to activate it manually later if you want to use it
SQL> ADMINISTER KEY MANAGEMENT CREATE KEY IDENTIFIED BY password WITH BACKUP;
If the keystore is an AUTOLOGIN or LOCAL_AUTOLOGIN keystore, use the FORCE KEYSTORE clause to create the key
SQL> ADMINISTER KEY MANAGEMENT CREATE KEY FORCE KEYSTORE IDENTIFIED BY Password WITH BACKUP;
keystore altered.
A key created with the CREATE KEY command is not used until you activate it. You activate it with the USE KEY command.
Let's find the key I just created and activate it.
SQL> select KEY_ID,CREATION_TIME,ACTIVATION_TIME,ACTIVATING_DBNAME from V$ENCRYPTION_KEYS order by CREATION_TIME;
SQL> ADMINISTER KEY MANAGEMENT USE KEY 'AVZJ6F/C/XL23G/l7Vard4AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' IDENTIFIED BY Password WITH BACKUP;
Check that the key is now activated
SQL> select KEY_ID,CREATION_TIME,ACTIVATION_TIME,ACTIVATING_DBNAME from V$ENCRYPTION_KEYS order by CREATION_TIME;
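To see in one pass which keys were only created and which one is in use, the following added example (not part of the original page) classifies each row of V$ENCRYPTION_KEYS and reports the keystore type from V$ENCRYPTION_WALLET, which tells you whether the FORCE KEYSTORE clause is needed. It assumes ACTIVATION_TIME is NULL for a key that was created with CREATE KEY and never activated, and that the most recently activated key in each container is the one in use.

```sql
-- Added example, not from the original page.
-- Keystore type per container: AUTOLOGIN or LOCAL_AUTOLOGIN means
-- key operations need the FORCE KEYSTORE clause.
SELECT con_id,
       wrl_type,
       status,
       wallet_type
FROM   v$encryption_wallet
ORDER  BY con_id;

-- Classify every master key known to the keystore.
-- Assumption: ACTIVATION_TIME is NULL for a key that was created but never
-- activated; the latest ACTIVATION_TIME per container marks the key in use.
SELECT con_id,
       key_id,
       creation_time,
       activation_time,
       activating_dbname,
       backed_up,
       CASE
         WHEN activation_time IS NULL
           THEN 'CREATED, NOT ACTIVATED'
         WHEN activation_time = MAX(activation_time)
                                  OVER (PARTITION BY con_id)
           THEN 'IN USE'
         ELSE 'PREVIOUSLY ACTIVE'
       END AS key_state
FROM   v$encryption_keys
ORDER  BY con_id, creation_time;
```

Rows reported as CREATED, NOT ACTIVATED are the candidates for a later USE KEY, and a BACKED_UP value of NO on any row means the keystore has not been backed up since that key was added.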