Show TOC

Managing Data EncryptionLocate this document in the navigation structure

Context

You can use BR*Tools for Oracle to manage data encryption as follows:

  • Open database wallet

  • Close database wallet

  • Create database wallet

  • Delete database wallet

  • Save database wallet

  • Change wallet password

  • Generate new master key

  • Re-key encrypted tables

  • Enable auto-open wallet

  • Disable auto-open wallet

  • Display database wallet info

  • Show encryption status

  • List encrypted tables/columns

  • List encrypted tablespaces

Note

This section describes how you manage data encryption.

Managing data encryption is part of Instance Management with BR*Tools.

For more information on the approach to database instance management, see Instance Management.

Procedure


  1. Start the procedure using BRGUI or BRTOOLS, or from the command line:

    • BRGUI or BRTOOLS:

      1. Choose Start of the navigation path Instance Management Next navigation step Manage data encryption End of the navigation path.

        BRGUI or BRTOOLS displays the menu BRSPACE options for manage data encryption, where you specify the options with which you call BRSPACE.

      2. Set the required options:

        Menu Entry

        Equivalent BRSPACE

        Command Option

        BRSPACE profile (profile)

        -p|-profile

        Database user/password (user)

        -u|-user

        Manage encryption action (action)

        -f mdencr -a|-action

        Encrypted tables for re-key (table)

        -f mdencr -t|-table

        Confirmation mode (confirm)

        -c|-confirm

        Extended output (output)

        -o|-output

        Message language (language)

        -l|-language

        BRSPACE command line (command)

        This shows you the BRSPACE -f mdencr command that is to be executed using the current settings.

      3. Choose Continue.

        BRGUI or BRTOOLS prompts you to start BRSPACE.

      4. Choose Continue to start BRSPACE.

    • Command line:

      Enter at least the following command:

      brspace -f mdencr

      You can enter more options, including the table names and action, if required. For more information, see BRSPACE -f mdencr.

      Note

      Whichever way you start the procedure - with BRGUI or BRTOOLS, or from the command line - you can use quick mode if you know the object name, in this case the encrypted tables. For more information, see How to Use BR*Tools.

    BRSPACE starts and you see a message that includes Start of BRSPACE processing. From now on, BRSPACE writes a detail log.

  2. You can use quick mode as follows:

    • If you have already entered the action, continue with step 4.

    • If you have already entered the table names and action, continue with step 6.

    BRSPACE displays the Manage data encryption main menu.

  3. Choose or confirm the required action:

    • Open database wallet

    • Close database wallet

    • Create database wallet

    • Delete database wallet

    • Save database wallet

    • Change wallet password

    • Generate new master key

    • Re-key encrypted tables

    • Enable auto-open wallet

    • Disable auto-open wallet

    • Display database wallet info

    • Show encryption status

    • List encrypted tables/columns

    • List encrypted tablespaces

  4. If you have already entered the encrypted tables, continue with step 6 (quick mode).

    For some actions - such as Re-key encrypted tables - BRSPACE displays the encrypted table list:

    List Entry

    Meaning

    Pos.

    List sequence number

    Owner

    Table owner

    Table

    Encrypted table name

    *Col./#Tsp.

    Encrypted column / tablespace

    Algorithm.

    Encryption algorithm

    Salt

    SALT encrypted column attribute

  5. Select a table.

    BRSPACE displays the menu, Options for managing data encryption.

  6. Set the required options:

    Menu Entry

    Meaning

    Database encryption wallet (wallet)

    - display only

    Database encryption wallet

    Database auto-open wallet (auto_wallet)

    - display only

    Database auto-open wallet

    Database wallet status (status)

    - display only

    Database wallet status

    Manage encryption action (action)

    - display only

    Manage encryption action

    Encrypted tables for re-key (table)

    - display only

    Encrypted tables for re-key

    Wallet password (password)

    Wallet password

    New wallet password (newpass)

    New wallet password

    Encryption algorithm (algorithm)

    Encryption algorithm

    Force re-key action (force)

    Force re-key action

    Local auto-open wallet (local)

    Local auto-open wallet

    SQL command (command)

    The SQL command that is to be executed using the current settings. For more information, see your Oracle SQL documentation.

  7. To start processing with the selected options, choose Continue.

Results

Check the results in the BRSPACE Logs.

  • The summary log space<DBSID>.log displays the return code.

  • The detail log s<encoded timestamp>.mde displays the details.

For more information about how to view the logs with BR*Tools, see Showing Profiles and Logs with BR*Tools.