Oracle 11g加密备份

转载请注明出处：http://blog.csdn.net/guoyjoe/article/details/19346703

Oracle的加密方式有三种：透明加密、密码加密、双模式加密。

默认情况下，Oracle会关闭加密功能：
RMAN> show all;
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

sys@OCP> SELECT ALGORITHM_ID,ALGORITHM_NAME FROM V$RMAN_ENCRYPTION_ALGORITHMS;

ALGORITHM_ID ALGORITHM_NAME
------------ ----------------------------------------------------------------
1 AES128
2 AES192
3 AES256

1、透明加密(恢复表空间tp1)
如果要配置透明加密，那在RMAN下用CONFIGURE命令，透明加密也叫钱包加密，它是RMAN的默认加密方法。
这种方法不需要设置密码，很适合在本地的备份与恢复，如果备份不需要传到其他的机器上，建议采用这样的加密方法。
因为不需要密码，只需要配置加密/解密信任书，也就是Oracle Encryption Wallet

（1）设置透明加密，确保wallet是open的
RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;

new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored

RMAN> set encryption on;

executing command: SET encryption

（2)执行备份，报错。（注意：必须打开数据库钱包）

RMAN> backup as compressed backupset tablespace tp1;

Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 02/17/2014 12:28:11
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open

（3）创建一个新目录，并指定为Wallet目录/u01/app/oracle/admin/ocp/wallet

[oracle@mydb ocp]$ mkdir -p /u01/app/oracle/admin/ocp/wallet

配置sqlnet.ora(可以不设置)
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ocp/wallet)
))

（4）进入SQLPLUS程序，打开钱包，创建wallet,包括设置密码、生成信任文件、并启动wallet。
先查视图V$ENCRYPTION_WALLET看钱包有没有打开
sys@OCP> col WRL_PARAMETER for a50
sys@OCP> SELECT * FROM V$ENCRYPTION_WALLET;

WRL_TYPE WRL_PARAMETER STATUS
-------------------- -------------------------------------------------- ------------------
file /u01/app/oracle/admin/ocp/wallet CLOSED

idle> alter system set wallet open identified by "guoyJoe";

System altered.

（5）简单测试
RMAN> backup as compressed backupset tablespace tp1;

Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:15
Finished backup at 17-FEB-14

Starting Control File and SPFILE Autobackup at 17-FEB-14
piece handle=/backup/c-2735927810-20140217-02 comment=NONE
Finished Control File and SPFILE Autobackup at 17-FEB-14

RMAN> shutdown immediate;

database closed
database dismounted
Oracle instance shut down

RMAN> startup mount;

connected to target database (not started)
Oracle instance started
database mounted

Total System Global Area 1006809088 bytes

Fixed Size 2233520 bytes
Variable Size 478153552 bytes
Database Buffers 419430400 bytes
Redo Buffers 106991616 bytes

RMAN> restore tablespace tp1;

Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 02/17/2014 13:45:32
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

RMAN> sql 'alter system set wallet open identified by "guoyJoe"';

sql statement: alter system set wallet open identified by "guoyJoe"

RMAN> restore tablespace tp1;

Starting restore at 17-FEB-14
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
channel ORA_DISK_1: piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 17-FEB-14

RMAN> recover tablespace tp1;

Starting recover at 17-FEB-14
using channel ORA_DISK_1

starting media recovery
media recovery complete, elapsed time: 00:00:00

Finished recover at 17-FEB-14

RMAN> alter database open;

database opened

2、密码加密(恢复表空间tp1)

为特定备份启用密码加密，使用SET ENCRYPTION命令，如下所示：

gyj@OCP> SELECT * FROM V$ENCRYPTION_WALLET;

WRL_TYPE WRL_PARAMETER STATUS
-------------------- -------------------------------------------------- ------------------
file /u01/app/oracle/admin/ocp/wallet CLOSED

RMAN> CONFIGURE ENCRYPTION FOR DATABASE off;

RMAN> show all;
CONFIGURE ENCRYPTION FOR DATABASE OFF;
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

RMAN> shutdown immediate;

database closed
database dismounted
Oracle instance shut down

RMAN> startup mount;

connected to target database (not started)
Oracle instance started
database mounted

Total System Global Area 1006809088 bytes

Fixed Size 2233520 bytes
Variable Size 478153552 bytes
Database Buffers 419430400 bytes
Redo Buffers 106991616 bytes

RMAN> set encryption on identified by "guoyJoe123" only;

executing command: SET encryption

RMAN> backup as compressed backupset tablespace tp1;

Starting backup at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
piece handle=/u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1 tag=TAG20140217T183811 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:15
Finished backup at 17-FEB-14

Starting Control File and SPFILE Autobackup at 17-FEB-14
piece handle=/backup/c-2735927810-20140217-0a comment=NONE
Finished Control File and SPFILE Autobackup at 17-FEB-14

RMAN> alter database open;

database opened

RMAN> shutdown immediate;

database closed
database dismounted
Oracle instance shut down

---册除表空间tp1中的数据文件
[oracle@mydb ocm]$ rm -rf tp1.dbf

RMAN> startup mount;

connected to target database (not started)
Oracle instance started
database mounted

Total System Global Area 1006809088 bytes

Fixed Size 2233520 bytes
Variable Size 478153552 bytes
Database Buffers 419430400 bytes
Redo Buffers 106991616 bytes

RMAN> restore tablespace tp1;

Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 02/17/2014 18:39:50
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

RMAN> set decryption identified by "guoyJoe123";

executing command: SET decryption
using target database control file instead of recovery catalog

RMAN> restore tablespace tp1;

Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=1 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1
channel ORA_DISK_1: piece handle=/u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1 tag=TAG20140217T183811
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 17-FEB-14

RMAN> recover tablespace tp1;

Starting recover at 17-FEB-14
using channel ORA_DISK_1

starting media recovery
media recovery complete, elapsed time: 00:00:00

Finished recover at 17-FEB-14

RMAN> alter database open;

database opened

3、双模式加密
可以同时使用透明加密和密码加密。如果使用备份在同一个数据库中执行还原和恢复，而且有时使用备份恢复另一个数据库，
这是一种有用的做法。如果两种方法都有效，可以使用密码或数据库钱包来还原备份。恢复到远程数据库时，必须在恢复前指定密码，
如下所示：
RMAN> set encryption on;

executing command: SET encryption

RMAN> set encryption identified by "guoyJoe12345";

executing command: SET encryption

RMAN>
如果仅为备份使用基于密码的加密，请为SET ENCRYPTION添加ONLY子句：

RMAN> set encryption identified by "guoyJoe12345" only;

executing command: SET encryption

结果，即使ENCRYPTION的默认设置为ON(因此会使用钱包加密方法)，
所有后续备份也仅使用密码加密，这种情况一直持续到关闭密码或完全退出RMAN时为止。

双模式加密是前面2种方式的混合模式,就不再继续测试了。

Oracle 11g加密备份相关推荐

oracle中 initcpa,oracle 11g rman备份
oracle 11g rman备份 Target库准备工作: 1. 查询DBID C:\Documents and Settings\Administrator>sqlplus /nolog S ...
oracle rman catalogo,ORACLE 11g RMAN备份恢复--catalog
rman catalog是为数据备份恢复时,使用恢复目录catalog,与nocatalog的不同是,nocatalog将备份相关的信息记录在了控制文件中,而catalog将备份信息记录在了恢复目录中 ...
oracle 11g ocp 笔记（15）--使用rman进行备份
一.备份的术语关闭与打开(冷备和热备一致性备份和非一致性备份) 打开的备份只能是归档模式下全部与局部局部备份只能是归档模式下. 完整备份和增量备份增量备份分为累计增量备份和差异增量备 ...
Oracle备份standby,Oracle 11g 利用泠备份恢复standby库
Oracle 11g 利用泠备份恢复standby库 1 开始在备库上进行泠备份先查好控制文件.redo.undo文件.数据文件的路径 1.1 先关闭主库的归档日志传输 SQL> ALTER ...
oracle11g备份出错,Oracle 11g备份导入12c错误
Oracle 11g备份导入12c错误 Oracle11g:用户名:FJCPP 表空间:FYSOFT_DATA01 临时表空间:FYSOFT_DATA01 导入:expdp FJCPP/FJCPP D ...
oracle 11g Data Guard物理备份库
两台oracle未安装ARC,俺是小白,占时不会玩arc.ADB高手在于分享,俺小白将下面是Data Guard 主备环境配置过程分享给大家.备份是物理Data Guard 一, 系统:centos ...
Oracle Database 11G 完全备份[Whole Database Backups]概述
Oracle Database 11G 完全备份[Whole Database Backups]概述 RMAN 的完全备份(Whole Database Backups using RMAN) Ora ...
Oracle 11g安装使用、备份恢复并与SpringBoot集成
背景最近接手了一个祖传项目,一个十几年前的 .Net 客户端项目,近期需要修改一个小功能,项目用到了 Oracle 数据库,以下是我在 Windows 7 旗舰版虚拟机上安装使用 Oracle 11 ...
windows下Oracle 11g数据库每天自动备份的实现方法
方式一一.以exp命令备份 1.首先做个批处理脚本:backup.bat 脚本内容如下 @echo off set curdate=%date:~0,4%%date:~5,2%%da ...

Oracle 11g加密备份

Oracle 11g加密备份相关推荐

最新文章

热门文章