To encrypt an existing tablespace with online conversion, use ALTER TABLESPACE with the ONLINE and ENCRYPT clauses.
-
Log in to the DB instance as a system user.
SQL> connect system/<password>;
-
Open the HSM Keystore.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <hsm_password>;
-
Create a tablespace.
SQL> create tablespace NONSECURE_TS DATAFILE 'C:/Oraclenew/oradata/ORCLNEW/NONSECURETS_01.DBF' SIZE 10M;
-
Create EMP table inside the NONSECURE_TS tablespace.
SQL> create table EMP (EMPID NUMBER(4),NAME VARCHAR(100),SALARY NUMBER(6)) tablespace NONSECURE_TS;
-
Add data to the EMP table.
SQL> insert into EMP values (0001, 'Michael Jackson', 999999);
SQL> insert into EMP values (0002, 'Lady Gaga', 888888);
SQL> insert into EMP values (0003, 'Freddie Mercury', 777777);
SQL> insert into EMP values (0004, 'Steven Tyler', 666666);
SQL> commit;
-
View the data from the EMP table.
SQL> select * from EMP;
-
Check that the COMPATIBLE parameter is set correctly according to the DB version.
SQL> show PARAMETER COMPATIBLE;
Example
SQL> show PARAMETER COMPATIBLE;
NAME TYPE VALUE
------------ ----------- ------
compatible string 23.6.0
-
Encrypt the NONSECURE_TS tablespace.
SQL> alter tablespace NONSECURE_TS ENCRYPTION ONLINE using 'AES192' ENCRYPT FILE_NAME_CONVERT = ('NONSECURETS_01.DBF','SECURETS_02.DBF');
-
View data from the EMP table.
SQL> select * from EMP;
-
Verify the NONSECURE_TS tablespace got encrypted.
SQL> Select TABLESPACE_NAME, ENCRYPTED FROM DBA_TABLESPACES;
-
Close the keystore.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY <hsm_password>;
Now, try to view the contents of the EMP table; nothing is displayed as the wallet is closed.
As the keystore is closed, you will get an error message “ORA-28365: wallet is not open” and hence you cannot view the data from the EMP table.
-
Open the keystore.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <hsm_password>;
-
Verify the EMP table.
SQL> select * from EMP;