Transparent Data Encryption

Oracle 10.2 on both Solaris and Win2k3

Digging through the Advanced Security Administrator's Guide, trying to set up a simple, easy to administer Transparent Data Encryption environment. Also reading MetaLink bulletin 317311.1.

I used ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY .... to create a wallet in a default location, but I also see the comment that the wallet has to be manually opened every time the db is restarted. The Guide also talks about using wallets with automatic logon enabled, which remain open all the time. When trying to chase that down earlier, I got wadded up in discussions of certificates and other esoterica. Now, going back thru the chapter on Using Wallet Manager, I'm not so sure. But trying to step thru Wallet Manager, I made some other discovories.

Having earlier created a wallet and encrypted a few columns from sqlplus, I already have, as expected, a wallet file ewallet.p12 in ORACL_HOME\admin\<sid>\wallet. Pure default, nothing in sqlnet.ora to direct this. Now, when I open Wallet Manager on this box, it doesn't show the existing wallet and, further, if I start down the path of creating a wallet, WM tells me the default directory doesn't exist. There is nothing on this db that is currently encrypted, so I have nothing to lose by creating a new wallet if need be.

So, in the end, I have two questions:

1. Why does WM not recognize that I have an existing wallet, nor does it recognize that I have an existing default wallet directory?
2. Is there a SIMPLE way to set up TDE so that the wallet does NOT have to be manually opened after db restart? Is this going to require me to get into certificates .... yet another (for me) unexplored area?

Thanks. Received on Tue May 02 2006 - 10:53:39 CDT