Addis Ababa Institute of Technology: Data At-Rest and In-Transit Encryption - Configuration Manual
Data at-rest and in-transit Encryption – Configuration Manual
Group Members
Section 2
Table of Contents
Data at rest Encryption
Data in transit encryption
Data at rest Encryption
Data at rest is encrypted to prevent “behind the scenes” snooping for information. When the
data at rest is encrypted, even if a hacker surreptitiously gains access to the data behind the
scenes, the data is meaningless without the decryption key. Encryption at Rest provides security
for data in files that are saved on disk (or at rest) by encrypting that data.
Using Oracle Transparent Data Encryption (TDE) technology, Encryption at Rest encrypts data
to prevent access by unauthorized users.
TDE Configuration
1. Configure wallet root
   - INIT.ORA / SQLNET.ORA
   - Keystore Type
2. Create the keystore
3. Open the keystore
   - CDB
   - one or more PDBs
   - ALL
4. Create the master key
   - CDB
   - PDBs (must be open)
5. Optional: create autologin keystore
6. Encrypt columns, tablespaces or whole database
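The six steps above written out as SQL*Plus commands, as an added example that is not part of the original manual. It assumes Oracle Database 19c, a file-based keystore and a session connected AS SYSDBA to CDB$ROOT; the wallet path, keystore password, tablespace, datafile and table names are placeholders.

```sql
-- Step 1: wallet root and keystore type.
-- WALLET_ROOT is a static parameter, so it goes to the SPFILE and needs a restart.
-- The path is a placeholder; restrict the directory to the oracle OS user.
ALTER SYSTEM SET WALLET_ROOT = '/u01/app/oracle/admin/ORCL/wallet' SCOPE = SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
ALTER SYSTEM SET TDE_CONFIGURATION = 'KEYSTORE_CONFIGURATION=FILE' SCOPE = BOTH;

-- Step 2: create the password-protected keystore.
-- With WALLET_ROOT set, it is created under <WALLET_ROOT>/tde.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE
  IDENTIFIED BY "placeholder_keystore_password";

-- Step 3: open the keystore in the CDB and in all PDBs (CONTAINER = ALL).
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "placeholder_keystore_password" CONTAINER = ALL;

-- Step 4: create the master encryption key; the PDBs must be open.
-- WITH BACKUP saves a copy of the keystore before the new key is written.
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "placeholder_keystore_password" WITH BACKUP CONTAINER = ALL;

-- Step 5 (optional): auto-login keystore, so the keystore opens without
-- the password after a restart. CREATE LOCAL AUTO_LOGIN KEYSTORE ties the
-- auto-login file to this host, which limits the value of a copied file.
ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE
  FROM KEYSTORE '/u01/app/oracle/admin/ORCL/wallet/tde'
  IDENTIFIED BY "placeholder_keystore_password";

-- Step 6: encrypt a new tablespace and a single column (placeholder names).
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256' ENCRYPT;
ALTER TABLE app.customers MODIFY (card_no ENCRYPT);

-- Check: keystore status per container and which tablespaces are encrypted.
SELECT con_id, wrl_type, status, wallet_type FROM v$encryption_wallet;
SELECT tablespace_name, encrypted FROM dba_tablespaces;
```

Back up the password keystore and store the password separately from the database host; without them the encrypted data cannot be recovered.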
Data in transit encryption
Oracle Database provides data network encryption and integrity to ensure that data is secure as it
travels across the network. The purpose of a secure cryptosystem is to convert plaintext data into
unintelligible ciphertext based on a key, in such a way that it is very hard (computationally
infeasible) to convert ciphertext back into its corresponding plaintext without knowledge of the
correct key.
Requested
Required
Accepted
Rejected
On the server:
On the client:
SQLNET.ENCRYPTION_TYPES_CLIENT = (valid_encryption_algorithm [,valid_encryption_algorithm])