默认情况下,Oracle会关闭加密功能:
RMAN> show all;
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
sys@OCP> SELECT ALGORITHM_ID,ALGORITHM_NAME FROM V$RMAN_ENCRYPTION_ALGORITHMS;
ALGORITHM_ID ALGORITHM_NAME
------------ ----------------------------------------------------------------
1 AES128
2 AES192
3 AES256
1、透明加密(恢复表空间tp1)
如果要配置透明加密,那在RMAN下用CONFIGURE命令,透明加密也叫钱包加密,它是RMAN的默认加密方法。
这种方法不需要设置密码,很适合在本地的备份与恢复,如果备份不需要传到其他的机器上,建议采用这样的加密方法。因为不需要密码,只需要配置加密/解密信任书,也就是Oracle Encryption Wallet
(1)设置透明加密,确保wallet是open的
RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored
RMAN> set encryption on;
executing command: SET encryption
(2)执行备份,报错。(注意:必须打开数据库钱包)
RMAN> backup as compressed backupset tablespace tp1;
Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 02/17/2014 12:28:11
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open
(3)创建一个新目录,并指定为Wallet目录/u01/app/oracle/admin/ocp/wallet
[oracle@mydb ocp]$ mkdir -p /u01/app/oracle/admin/ocp/wallet
配置sqlnet.ora(可以不设置)
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ocp/wallet)
))
(4)进入SQLPLUS程序,打开钱包,创建wallet,包括设置密码、生成信任文件、并启动wallet。
先查视图V$ENCRYPTION_WALLET看钱包有没有打开
sys@OCP> col WRL_PARAMETER for a50
sys@OCP> SELECT * FROM V$ENCRYPTION_WALLET;
WRL_TYPE WRL_PARAMETER STATUS
-------------------- -------------------------------------------------- ------------------
file /u01/app/oracle/admin/ocp/wallet CLOSED
idle> alter system set wallet open identified by "guoyJoe";
System altered.
(5)简单测试
RMAN> backup as compressed backupset tablespace tp1;
Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:15
Finished backup at 17-FEB-14
Starting Control File and SPFILE Autobackup at 17-FEB-14
piece handle=/backup/c-2735927810-20140217-02 comment=NONE
Finished Control File and SPFILE Autobackup at 17-FEB-14
RMAN> shutdown immediate;
database closed
database dismounted
Oracle instance shut down
RMAN> startup mount;
connected to target database (not started)
Oracle instance started
database mounted
Total System Global Area 1006809088 bytes
Fixed Size 2233520 bytes
Variable Size