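Oracle 11g Encrypted Backups
When reposting, please credit the source: http://blog.csdn.net/guoyjoe/article/details/19346703
Oracle offers three backup encryption modes: transparent encryption, password encryption, and dual-mode encryption.
By default, Oracle leaves backup encryption turned off: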
RMAN> show all;
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
sys@OCP> SELECT ALGORITHM_ID,ALGORITHM_NAME FROM V$RMAN_ENCRYPTION_ALGORITHMS;
ALGORITHM_ID ALGORITHM_NAME
------------ ----------------------------------------------------------------
1 AES128
2 AES192
3 AES256
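1. Transparent encryption (restoring tablespace tp1)
To configure transparent encryption, use the CONFIGURE command in RMAN. Transparent encryption is also called wallet encryption, and it is RMAN's default encryption method.
This method does not require setting a password and is well suited to local backup and recovery. If the backups do not need to be moved to other machines, this is the recommended method.
Because no password is needed, you only have to configure the encryption/decryption credential, that is, the Oracle Encryption Wallet.
(1) Enable transparent encryption and make sure the wallet is open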
RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored
RMAN> set encryption on;
executing command: SET encryption
(2) Run the backup; it fails. (Note: the database wallet must be open.)
RMAN> backup as compressed backupset tablespace tp1;
Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 02/17/2014 12:28:11
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open
(3) Create a new directory and designate it as the wallet directory: /u01/app/oracle/admin/ocp/wallet
$ mkdir -p /u01/app/oracle/admin/ocp/wallet
Configure sqlnet.ora (optional)
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ocp/wallet)))
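(4) In SQL*Plus, create and open the wallet: set its password, generate the credential file, and open the wallet.
First query the V$ENCRYPTION_WALLET view to see whether the wallet is open: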
sys@OCP> col WRL_PARAMETER for a50
sys@OCP>SELECT * FROM V$ENCRYPTION_WALLET;
WRL_TYPE WRL_PARAMETER STATUS
-------------------- -------------------------------------------------- ------------------
file /u01/app/oracle/admin/ocp/wallet CLOSED
idle>alter system set wallet open>
System>
(5) Simple test
RMAN> backup as compressed backupset tablespace tp1;
Starting backup at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:15
Finished backup at 17-FEB-14
Starting Control File and SPFILE Autobackup at 17-FEB-14
piece handle=/backup/c-2735927810-20140217-02 comment=NONE
Finished Control File and SPFILE Autobackup at 17-FEB-14
RMAN> shutdown immediate;
database closed
database dismounted
Oracle instance shut down
RMAN> startup mount;
connected to target database (not started)
Oracle instance started
database mounted
Total System Global Area 1006809088 bytes
Fixed>
Variable> Database Buffers 419430400 bytes
Redo Buffers 106991616 bytes
RMAN> restore tablespace tp1;
Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 02/17/2014 13:45:32
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
RMAN> sql 'alter system set wallet open>
sql statement:>
RMAN> restore tablespace tp1;
Starting restore at 17-FEB-14
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
channel ORA_DISK_1: piece handle=/u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1 tag=TAG20140217T134423
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 17-FEB-14
RMAN> recover tablespace tp1;
Starting recover at 17-FEB-14
using channel ORA_DISK_1
starting media recovery
media recovery complete, elapsed time: 00:00:00
Finished recover at 17-FEB-14
RMAN>> database opened
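The two failures in this section (ORA-19914 on backup and ORA-19913 on restore, each followed by ORA-28365) are easy to miss in the log of a scheduled job. The shell function below is an added example, not part of the original post; the function names and output labels are its own, and the sample lines are copied from the error stacks above.

```shell
#!/bin/sh
# Added example: report encryption-related failures in an RMAN log.
# Prints "<command> <error> <cause>" for each error stack and returns 1
# if any were found. Reads the files given as arguments, or stdin.
check_rman_crypto_errors() {
    awk '
        function emit() {
            if (kind != "") {
                who = (op == "" ? "unknown" : op)
                why = (wallet ? "wallet-not-open" : "other-cause")
                print who, kind, why
                n++
            }
            op = ""; kind = ""; wallet = 0
        }
        /^RMAN-00569:/               { emit() }   # a new error stack starts
        /^RMAN-0300[29]: failure of/ { op = $4 }  # "backup" or "restore"
        /^ORA-19914:/                { kind = "unable-to-encrypt" }
        /^ORA-19913:/                { kind = "unable-to-decrypt" }
        /^ORA-28365:/                { wallet = 1 }
        END { emit(); exit (n > 0) }
    ' "$@"
}

# Sample input: lines taken from the RMAN output shown in this section.
sample_rman_log() {
    cat <<'EOF'
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-03009: failure of backup command on ORA_DISK_1 channel at 02/17/2014 12:28:11
ORA-19914: unable to encrypt backup
ORA-28365: wallet is not open
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-03002: failure of restore command at 02/17/2014 13:45:32
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbs/48p0rotn_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
EOF
}
```

For a restore, wallet-not-open is also what RMAN reports when a password-encrypted backup is restored without SET DECRYPTION, as section 2 shows.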
2. Password encryption (restoring tablespace tp1)
To enable password encryption for a specific backup, use the SET ENCRYPTION command, as shown below:
gyj@OCP> SELECT * FROM V$ENCRYPTION_WALLET;
WRL_TYPE WRL_PARAMETER STATUS
-------------------- -------------------------------------------------- ------------------
file /u01/app/oracle/admin/ocp/wallet CLOSED
RMAN> CONFIGURE ENCRYPTION FOR DATABASE off;
RMAN> show all;
CONFIGURE ENCRYPTION FOR DATABASE OFF;
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
RMAN> shutdown immediate;
database closed
database dismounted
Oracle instance shut down
RMAN> startup mount;
connected to target database (not started)
Oracle instance started
database mounted
Total System Global Area 1006809088 bytes
Fixed>
Variable> Database Buffers 419430400 bytes
Redo Buffers 106991616 bytes
RMAN> set encryption on>
executing command: SET encryption
RMAN> backup as compressed backupset tablespace tp1;
Starting backup at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: starting piece 1 at 17-FEB-14
channel ORA_DISK_1: finished piece 1 at 17-FEB-14
piece handle=/u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1 tag=TAG20140217T183811 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:15
Finished backup at 17-FEB-14
Starting Control File and SPFILE Autobackup at 17-FEB-14
piece handle=/backup/c-2735927810-20140217-0a comment=NONE
Finished Control File and SPFILE Autobackup at 17-FEB-14
RMAN>> database opened
RMAN> shutdown immediate;
database closed
database dismounted
Oracle instance shut down
--- Delete the data file of tablespace tp1
$ rm -rf tp1.dbf
RMAN> startup mount;
connected to target database (not started)
Oracle instance started
database mounted
Total System Global Area 1006809088 bytes
Fixed>
Variable> Database Buffers 419430400 bytes
Redo Buffers 106991616 bytes
RMAN> restore tablespace tp1;
Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=18 device type=DISK
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 02/17/2014 18:39:50
ORA-19870: error while restoring backup piece /u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
RMAN> set decryption>
executing command: SET decryption
using target database control file instead of recovery catalog
RMAN> restore tablespace tp1;
Starting restore at 17-FEB-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=1 device type=DISK
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/ocm/tp1.dbf
channel ORA_DISK_1: reading from backup piece /u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1
channel ORA_DISK_1: piece handle=/u01/app/oracle/product/11.2.0/dbs/4qp0sa4k_1_1 tag=TAG20140217T183811
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:25
Finished restore at 17-FEB-14
RMAN> recover tablespace tp1;
Starting recover at 17-FEB-14
using channel ORA_DISK_1
starting media recovery
media recovery complete, elapsed time: 00:00:00
Finished recover at 17-FEB-14
RMAN>> database opened
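3. Dual-mode encryption
Transparent encryption and password encryption can be used at the same time. This is useful when backups are normally restored and recovered in the same database but are sometimes used to recover another database.
With both methods in effect, a backup can be restored with either the password or the database wallet. When recovering to a remote database, the password must be specified before the recovery,
as shown below: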
RMAN> set encryption on;
executing command: SET encryption
RMAN> set encryption>
executing command: SET encryption
RMAN>
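To use only password-based encryption for a backup, add the ONLY clause to SET ENCRYPTION:
RMAN> set encryption>
executing command: SET encryption
As a result, even if the default ENCRYPTION setting is ON (so the wallet encryption method would otherwise be used),
all subsequent backups use password encryption only, and this stays in effect until password encryption is turned off or you exit RMAN completely.
Dual-mode encryption is a combination of the previous two modes, so it is not tested further here.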
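The three modes side by side, as an added shell example that is not from the original post. The BACKUP_PW environment variable, the mode names and the function names are assumptions of this example; the SET ENCRYPTION and SET DECRYPTION forms are standard RMAN syntax with the password supplied as a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the backup
# password is in the environment variable BACKUP_PW, and the mode names
# transparent / password / dual are this script's own labels.

# Print the SET ENCRYPTION command for one mode.
encryption_cmd() {
    case $1 in
        transparent) echo 'SET ENCRYPTION ON;'; return 0 ;;  # wallet only
        password|dual) ;;
        *) echo "unknown mode: $1" >&2; return 2 ;;
    esac
    case ${BACKUP_PW:-} in
        ''|*\"*) echo 'BACKUP_PW must be set and contain no "' >&2; return 1 ;;
    esac
    if [ "$1" = password ]; then
        # ONLY: the wallet is not used, even if CONFIGURE ENCRYPTION is ON.
        printf 'SET ENCRYPTION ON IDENTIFIED BY "%s" ONLY;\n' "$BACKUP_PW"
    else
        # Dual mode: the wallet must be open; either key can decrypt later.
        printf 'SET ENCRYPTION ON IDENTIFIED BY "%s";\n' "$BACKUP_PW"
    fi
}

# Print the command stream that backs up one tablespace.
backup_cmds() {      # usage: backup_cmds MODE TABLESPACE
    encryption_cmd "$1" || return
    printf 'BACKUP AS COMPRESSED BACKUPSET TABLESPACE %s;\n' "$2"
}

# Print the command stream that restores it. KEY is "wallet" (the wallet is
# already open on this host) or "password" (e.g. on a remote database).
restore_cmds() {     # usage: restore_cmds KEY TABLESPACE
    if [ "$1" = password ]; then
        case ${BACKUP_PW:-} in
            ''|*\"*) echo 'BACKUP_PW must be set and contain no "' >&2; return 1 ;;
        esac
        printf 'SET DECRYPTION IDENTIFIED BY "%s";\n' "$BACKUP_PW"
    fi
    printf 'RESTORE TABLESPACE %s;\nRECOVER TABLESPACE %s;\n' "$2" "$2"
}

# Feed the commands to RMAN on stdin, so the password is never part of a
# process argument list.
run_rman() {         # usage: run_rman backup_cmds dual tp1
    cmds=$("$@") || return
    printf '%s\n' "$cmds" | rman target /
}
```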