You can use BR*Tools for Oracle to manage data encryption as follows:
Open database wallet
Close database wallet
Create database wallet
Delete database wallet
Save database wallet
Change wallet password
Generate new master key
Re-key encrypted tables
Enable auto-open wallet
Disable auto-open wallet
Display database wallet info
Show encryption status
List encrypted tables/columns
List encrypted tablespaces
This section describes how you manage data encryption.
Managing data encryption is part of Instance Management with BR*Tools.
For more information on the approach to database instance management, see Instance Management.
Start the procedure using BRGUI or BRTOOLS, or from the command line:
BRGUI or BRTOOLS:
Choose
.BRGUI or BRTOOLS displays the menu BRSPACE options for manage data encryption, where you specify the options with which you call BRSPACE.
Set the required options:
Menu Entry |
Equivalent BRSPACE Command Option |
---|---|
BRSPACE profile (profile) |
|
Database user/password (user) |
|
Manage encryption action (action) |
|
Encrypted tables for re-key (table) |
|
Confirmation mode (confirm) |
|
Extended output (output) |
|
Message language (language) |
|
BRSPACE command line (command) |
This shows you the BRSPACE -f mdencr command that is to be executed using the current settings. |
Choose Continue.
BRGUI or BRTOOLS prompts you to start BRSPACE.
Choose Continue to start BRSPACE.
Command line:
Enter at least the following command:
brspace -f mdencr
You can enter more options, including the table names and action, if required. For more information, see BRSPACE -f mdencr.
Whichever way you start the procedure - with BRGUI or BRTOOLS, or from the command line - you can use quick mode if you know the object name, in this case the encrypted tables. For more information, see How to Use BR*Tools.
BRSPACE starts and you see a message that includes Start of BRSPACE processing. From now on, BRSPACE writes a detail log.
You can use quick mode as follows:
If you have already entered the action, continue with step 4.
If you have already entered the table names and action, continue with step 6.
BRSPACE displays the Manage data encryption main menu.
Choose or confirm the required action:
Open database wallet
Close database wallet
Create database wallet
Delete database wallet
Save database wallet
Change wallet password
Generate new master key
Re-key encrypted tables
Enable auto-open wallet
Disable auto-open wallet
Display database wallet info
Show encryption status
List encrypted tables/columns
List encrypted tablespaces
If you have already entered the encrypted tables, continue with step 6 (quick mode).
For some actions - such as Re-key encrypted tables - BRSPACE displays the encrypted table list:
List Entry |
Meaning |
---|---|
Pos. |
List sequence number |
Owner |
Table owner |
Table |
Encrypted table name |
*Col./#Tsp. |
Encrypted column / tablespace |
Algorithm. |
Encryption algorithm |
Salt |
SALT encrypted column attribute |
Select a table.
BRSPACE displays the menu, Options for managing data encryption.
Set the required options:
Menu Entry |
Meaning |
---|---|
Database encryption wallet (wallet) - display only |
Database encryption wallet |
Database auto-open wallet (auto_wallet) - display only |
Database auto-open wallet |
Database wallet status (status) - display only |
Database wallet status |
Manage encryption action (action) - display only |
Manage encryption action |
Encrypted tables for re-key (table) - display only |
Encrypted tables for re-key |
Wallet password (password) |
Wallet password |
New wallet password (newpass) |
New wallet password |
Encryption algorithm (algorithm) |
Encryption algorithm |
Force re-key action (force) |
Force re-key action |
Local auto-open wallet (local) |
Local auto-open wallet |
SQL command (command) |
The SQL command that is to be executed using the current settings. For more information, see your Oracle SQL documentation. |
To start processing with the selected options, choose Continue.
Check the results in the BRSPACE Logs.
The summary log space<DBSID>.log displays the return code.
The detail log s<encoded timestamp>.mde displays the details.
For more information about how to view the logs with BR*Tools, see Showing Profiles and Logs with BR*Tools.