Tablespace Encryption in Oracle 11g

No Comments

Tablespace encryption is a feature introduced to increase security of your database.

The idea is that by encrypting your tablespaces, you will stop anyone who gets a copy of your datafiles outside of your database from being able to access the data on them.

For example someone may be able to get copies of your datafiles from backup tapes etc and tablespace encryption would make it more difficult for them to access th edata contained.

Tablespace encryption must be set up when the tablespace is created. You can not encrypt an existing tablespace with the ALTER TABLE command.

The syntrax for creating an encrypted tablespace is:

CREATE TABLESPACE secure_ts DATAFILE ‘/ u02/ app/ oracle/ oradata/ orcl11g/ secure01. dbf’ SIZE 200M ENCRYPTION DEFAULT STORAGE( ENCRYPT);

So you simply add the ‘ENCRYPTION DEFAULT STORAGE( ENCRYPT)’ option to the end of your create tablespace command.

You need an Oracle Wallet to store the encryption key so this must be set up first.

When recovering a database with encrypted tablespaces you must open the Oracle wallet that contains the encryption key after database mount and before database open, so the recovery process can decrypt data blocks and redo.