Tuesday, May 10, 2011

Oracle TDE: Tablespace Encryption handson

Specify an Oracle Wallet Location in the sqlnet.ora File


[oracle@vmxdb01 ~]$ cat $ORACLE_HOME/network/admin/sqlnet.ora

ENCRYPTION_WALLET_LOCATION=

(SOURCE=

(METHOD=FILE)

(METHOD_DATE=

(DIRECTORY=/u01/app/oracle/product/11.2.0.2/db_1/wallet)

)

)


Create the Master Encryption Key


[oracle@vmxdb01 ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Mon May 9 22:34:17 2011

Copyright (c) 1982, 2010, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Easy2rem";

ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Easy2rem"

*

ERROR at line 1:

ORA-28368: cannot auto-create wallet


[oracle@vmxdb01 ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Mon May 9 22:34:17 2011

Copyright (c) 1982, 2010, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options


SQL> ! ls -l /u01/app/oracle/product/11.2.0.2/db_1/wallet

ls: cannot access /u01/app/oracle/product/11.2.0.2/db_1/wallet: No such file or directory

SQL> ! mkdir /u01/app/oracle/product/11.2.0.2/db_1/wallet

SQL> -- Easy2rem is the wallet password, not the master key.

SQL> -- master key is a key stored in wallet, can not be seen

SQL> alter system set encryption key identified by "Easy2rem";

System altered.

SQL> -- Wallet is open after initial creation


SQL> ! ls -ltr /u01/app/oracle/product/11.2.0.2/db_1/wallet

total 4

-rw-r--r--. 1 oracle oinstall 1573 May 9 22:35 ewallet.p12


SQL> create tablespace securetbs

2 datafile '/u01/app/oracle/oradata/orcl/securetbs01.dbf' size 10m autoextend on

3 encryption

4 default storage(encrypt);

Tablespace created.

SQL> create table tbl_sec (name varchar2(20));

Table created.

SQL> drop table tbl_sec purge;

Table dropped.

SQL> create table tbl_sec (name varchar2(20)) tablespace securetbs;

Table created.

SQL> insert into tbl_sec values('donghua');

1 row created.

SQL> insert into tbl_sec values('kaitlyn');

1 row created.

SQL> commit;

Commit complete.

SQL> create tablespace securetbs2

2 datafile '/u01/app/oracle/oradata/orcl/securetbs201.dbf' size 10m autoextend on

3 encryption using 'aes256'

4 default storage(encrypt);

Tablespace created.


SQL> select ts#,name from v$tablespace;

TS# NAME

---------- ------------------------------

0 SYSTEM

1 SYSAUX

2 UNDOTBS1

4 USERS

3 TEMP

6 EXAMPLE

7 SECURETBS

8 SECURETBS2

8 rows selected.


Rekey the master key


SQL> select * from v$encrypted_tablespaces;

TS# ENCRYPT ENC

---------- ------- ---

ENCRYTPEDKEY

----------------------------------------------------------------

MASTERKEYID BLOCKS_ENCRYPTED BLOCKS_DECRYPTED

-------------------------------- ---------------- ----------------

7 AES128 YES

204FD4ADFEAF4E1C30EDF832EAF60FBA00000000000000000000000000000000

4BF36F5317CC4FBFBFE376412BA3E2BF 0 0

8 AES256 YES

07852161AA012F3BF201D058F41E92EC28C946F04BDD44684F07C51B3883CF52

4BF36F5317CC4FBFBFE376412BA3E2BF 0 0

Change the master encryption key


SQL> alter system set encryption key identified by "Easy2rem";

System altered.

SQL> select * from v$encrypted_tablespaces;

TS# ENCRYPT ENC

---------- ------- ---

ENCRYTPEDKEY

----------------------------------------------------------------

MASTERKEYID BLOCKS_ENCRYPTED BLOCKS_DECRYPTED

-------------------------------- ---------------- ----------------

7 AES128 YES

D0273DC55D82A8CA01F50795001E2DF7E9CA6BD63D67347CAD5FD323BC0FCFF8

0CBD900BD9E24FE7BFA2A120F1353E0A 5 0

8 AES256 YES

7F408761EB8E2605E1843681512997D7B4AFBC5ADBA531C84A1F516B50FDBD22

0CBD900BD9E24FE7BFA2A120F1353E0A 0 0

SQL> select * from tbl_sec;

select * from tbl_sec

*

ERROR at line 1:

ORA-28365: wallet is not open

SQL> drop table tbl_sec;

Table dropped.

SQL> flashback table tbl_sec to before drop;

Flashback complete.


SQL> insert into tbl_sec values('donghua');

insert into tbl_sec values('donghua')

*

ERROR at line 1:

ORA-28365: wallet is not open

SQL> alter system set encryption wallet open identified by "Easy2rem";

System altered.

SQL> select * from tbl_sec;

NAME

--------------------

donghua

kaitlyn

SQL> alter system set encryption wallet close;

alter system set encryption wallet close

*

ERROR at line 1:

ORA-28390: auto login wallet not open

SQL> alter system set encryption wallet close identified by "Easy2rem";

System altered.


SQL> select * from tbl_sec;

select * from tbl_sec

*

ERROR at line 1:

ORA-28365: wallet is not open


SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup

ORACLE instance started.

Total System Global Area 627732480 bytes

Fixed Size 1345992 bytes

Variable Size 419431992 bytes

Database Buffers 201326592 bytes

Redo Buffers 5627904 bytes

Database mounted.

Database opened.

SQL> select * from tbl_sec;

select * from tbl_sec

*

ERROR at line 1:

ORA-28365: wallet is not open

SQL> alter system set encryption wallet open identified by "Easy2rem";

System altered.

SQL> select * from tbl_sec;

NAME

--------------------

donghua

kaitlyn


[oracle@vmxdb01 ~]$ ls -ltr /u01/app/oracle/product/11.2.0.2/db_1/wallet

-rw-r--r--. 1 oracle oinstall 1837 May 9 22:47 /u01/app/oracle/product/11.2.0.2/db_1/wallet/ewallet.p12


Change Wallet Password


[oracle@vmxdb01 ~]$ orapki

Oracle PKI Tool : Version 11.2.0.2.0 - Production

Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

orapki [crl|wallet|cert|help] <-nologo>


[oracle@vmxdb01 ~]$ orapki wallet display -wallet $ORACLE_HOME/wallet

Oracle PKI Tool : Version 11.2.0.2.0 - Production

Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter wallet password: Easy2rem

Requested Certificates:

Subject: CN=oracle

User Certificates:

Oracle Secret Store entries:

ORACLE.SECURITY.DB.ENCRYPTION.AQy9kAvZ4k/nv6KhIPE1PgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

ORACLE.SECURITY.DB.ENCRYPTION.AUvzb1MXzE+/v+N2QSuj4r8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA

ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY

ORACLE.SECURITY.TS.ENCRYPTION.BUsUJZGRoNKeBXtav3J2iDYCAwAAAAAAAAAAAAAAAAAAAAAAAAAA

Trusted Certificates:


[oracle@vmxdb01 ~]$ orapki wallet change_pwd -wallet $ORACLE_HOME/wallet

Oracle PKI Tool : Version 11.2.0.2.0 - Production

Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter wallet password: Easy2rem

New password:

Enter wallet password: Never4get


[oracle@vmxdb01 ~]$ orapki wallet change_pwd -wallet $ORACLE_HOME/wallet -oldpwd Never4get -newpwd Lost1World

Oracle PKI Tool : Version 11.2.0.2.0 - Production

Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.


SQL> conn donghua/donghua

Connected.

SQL> select * from sys.tbl_sec;

NAME

--------------------

donghua

kaitlyn


SQL> alter system set encryption wallet close identified by "Lost1World";

System altered.


SQL> alter system set encryption wallet open identified by "Lost1World";

System altered.

SQL> select * from sys.tbl_sec;

NAME

--------------------

donghua

kaitlyn


[oracle@vmxdb01 ~]$ orapki wallet change_pwd -wallet $ORACLE_HOME/wallet -oldpwd Lost1World -newpwd Big2Recall

Oracle PKI Tool : Version 11.2.0.2.0 - Production

Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.


[oracle@vmxdb01 ~]$ sqlplus donghua/donghua

SQL*Plus: Release 11.2.0.2.0 Production on Mon May 9 23:16:36 2011

Copyright (c) 1982, 2010, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select * from sys.tbl_sec;

NAME

--------------------

donghua

kaitlyn

SQL> alter system set encryption wallet close identified by "Lost1World";

System altered.

SQL> alter system set encryption wallet open identified by "Lost1World";

alter system set encryption wallet open identified by "Lost1World"

*

ERROR at line 1:

ORA-28353: failed to open wallet

SQL> alter system set encryption wallet open identified by "Big2Recall";

System altered.

SQL> alter system set encryption wallet close identified by "Lost1World";

alter system set encryption wallet close identified by "Lost1World"

*

ERROR at line 1:

ORA-28391: cannot close wallet or HSM, password mismatch

Auto Login Wallet


[oracle@vmxdb01 ~]$ orapki wallet create -wallet $ORACLE_HOME/wallet -auto_login -pwd Big2Recall

Oracle PKI Tool : Version 11.2.0.2.0 - Production

Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

[oracle@vmxdb01 ~]$ ls -l $ORACLE_HOME/wallet

total 8

-rw-------. 1 oracle oinstall 1915 May 9 23:19 cwallet.sso

-rw-------. 1 oracle oinstall 1838 May 9 23:16 ewallet.p12


[oracle@vmxdb01 ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Mon May 9 23:20:37 2011

Copyright (c) 1982, 2010, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup

ORACLE instance started.

Total System Global Area 627732480 bytes

Fixed Size 1345992 bytes

Variable Size 419431992 bytes

Database Buffers 201326592 bytes

Redo Buffers 5627904 bytes

Database mounted.

Database opened.

SQL> select * from tbl_sec;

NAME

--------------------

donghua

kaitlyn


SQL> select * from v$encryption_wallet;

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS

------------------

file

/u01/app/oracle/product/11.2.0.2/db_1/wallet

OPEN


[oracle@vmxdb01 ~]$ orapki wallet display -wallet $ORACLE_HOME/wallet

Oracle PKI Tool : Version 11.2.0.2.0 - Production

Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:

Subject: CN=oracle

User Certificates:

Oracle Secret Store entries:

ORACLE.SECURITY.DB.ENCRYPTION.AQy9kAvZ4k/nv6KhIPE1PgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

ORACLE.SECURITY.DB.ENCRYPTION.AUvzb1MXzE+/v+N2QSuj4r8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA

ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY

ORACLE.SECURITY.TS.ENCRYPTION.BUsUJZGRoNKeBXtav3J2iDYCAwAAAAAAAAAAAAAAAAAAAAAAAAAA

Trusted Certificates:



Disable Autologin Wallet


[oracle@vmxdb01 wallet]$ rm $ORACLE_HOME/wallet/cwallet.sso

[oracle@vmxdb01 wallet]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Mon May 9 23:33:22 2011

Copyright (c) 1982, 2010, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select * from tbl_sec;

NAME

--------------------

donghua

kaitlyn

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup

ORACLE instance started.

Total System Global Area 627732480 bytes

Fixed Size 1345992 bytes

Variable Size 419431992 bytes

Database Buffers 201326592 bytes

Redo Buffers 5627904 bytes

Database mounted.

Database opened.

SQL> select * from tbl_sec;

select * from tbl_sec

*

ERROR at line 1:

ORA-28365: wallet is not open

SQL> select * from v$encryption_wallet;

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS

------------------

file

/u01/app/oracle/product/11.2.0.2/db_1/wallet

CLOSED

SQL> alter system set encryption wallet open identified by Big2Recall;

alter system set encryption wallet open identified by Big2Recall

*

ERROR at line 1:

ORA-28353: failed to open wallet

SQL> alter system set encryption wallet open identified by "Big2Recall";

System altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS

------------------

file

/u01/app/oracle/product/11.2.0.2/db_1/wallet

OPEN

Backup without wallet open


Starting backup at 09-MAY-11

using channel ORA_DISK_1

channel ORA_DISK_1: starting compressed full datafile backup set

channel ORA_DISK_1: specifying datafile(s) in backup set

input datafile file number=00001 name=/u01/app/oracle/oradata/orcl/system01.dbf

input datafile file number=00002 name=/u01/app/oracle/oradata/orcl/sysaux01.dbf

input datafile file number=00005 name=/u01/app/oracle/oradata/orcl/example01.dbf

input datafile file number=00003 name=/u01/app/oracle/oradata/orcl/undotbs01.dbf

input datafile file number=00004 name=/u01/app/oracle/oradata/orcl/users01.dbf

input datafile file number=00006 name=/u01/app/oracle/oradata/orcl/securetbs01.dbf

input datafile file number=00007 name=/u01/app/oracle/oradata/orcl/securetbs201.dbf

channel ORA_DISK_1: starting piece 1 at 09-MAY-11

RMAN-03009: failure of backup command on ORA_DISK_1 channel at 05/09/2011 23:36:49

ORA-19914: unable to encrypt backup

ORA-28365: wallet is not open

continuing other job steps, job failed will not be re-run

channel ORA_DISK_1: starting compressed full datafile backup set

channel ORA_DISK_1: specifying datafile(s) in backup set

including current control file in backup set

including current SPFILE in backup set

channel ORA_DISK_1: starting piece 1 at 09-MAY-11

channel ORA_DISK_1: finished piece 1 at 09-MAY-11

piece handle=/u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_ncsnf_TAG20110509T233648_6wj2jl9n_.bkp tag=TAG20110509T233648 comment=NONE

channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-03002: failure of backup plus archivelog command at 05/09/2011 23:36:51

RMAN-03009: failure of backup command on ORA_DISK_1 channel at 05/09/2011 23:36:49

ORA-19914: unable to encrypt backup

ORA-28365: wallet is not open



RMAN> sql 'alter system set encryption wallet open identified by "Big2Recall"';

sql statement: alter system set encryption wallet open identified by "Big2Recall"

RMAN> backup as compressed backupset database;

Starting backup at 09-MAY-11

using channel ORA_DISK_1

channel ORA_DISK_1: starting compressed full datafile backup set

channel ORA_DISK_1: specifying datafile(s) in backup set

input datafile file number=00001 name=/u01/app/oracle/oradata/orcl/system01.dbf

input datafile file number=00002 name=/u01/app/oracle/oradata/orcl/sysaux01.dbf

input datafile file number=00005 name=/u01/app/oracle/oradata/orcl/example01.dbf

input datafile file number=00003 name=/u01/app/oracle/oradata/orcl/undotbs01.dbf

input datafile file number=00004 name=/u01/app/oracle/oradata/orcl/users01.dbf

input datafile file number=00006 name=/u01/app/oracle/oradata/orcl/securetbs01.dbf

input datafile file number=00007 name=/u01/app/oracle/oradata/orcl/securetbs201.dbf

channel ORA_DISK_1: starting piece 1 at 09-MAY-11

channel ORA_DISK_1: finished piece 1 at 09-MAY-11

piece handle=/u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp tag=TAG20110509T233809 comment=NONE

channel ORA_DISK_1: backup set complete, elapsed time: 00:01:05

channel ORA_DISK_1: starting compressed full datafile backup set

channel ORA_DISK_1: specifying datafile(s) in backup set

including current control file in backup set

including current SPFILE in backup set

channel ORA_DISK_1: starting piece 1 at 09-MAY-11

channel ORA_DISK_1: finished piece 1 at 09-MAY-11

piece handle=/u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_ncsnf_TAG20110509T233809_6wj2o42l_.bkp tag=TAG20110509T233809 comment=NONE

channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01

Finished backup at 09-MAY-11



RMAN> sql 'alter tablespace securetbs offline';

sql statement: alter tablespace securetbs offline

RMAN>

RMAN>

RMAN> sql 'alter system set encryption wallet close identified by "Big2Recall"';

sql statement: alter system set encryption wallet close identified by "Big2Recall"

RMAN> restore tablespace securetbs;

Starting restore at 09-MAY-11

using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/orcl/securetbs01.dbf

channel ORA_DISK_1: reading from backup piece /u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-03002: failure of restore command at 05/09/2011 23:43:16

ORA-19870: error while restoring backup piece /u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp

ORA-19913: unable to decrypt backup

ORA-28365: wallet is not open

RMAN> list backup of database;

List of Backup Sets

===================

BS Key Type LV Size Device Type Elapsed Time Completion Time

------- ---- -- ---------- ----------- ------------ ---------------

3 Full 285.05M DISK 00:00:58 09-MAY-11

BP Key: 3 Status: AVAILABLE Compressed: YES Tag: TAG20110509T233809

Piece Name: /u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp

List of Datafiles in backup set 3

File LV Type Ckp SCN Ckp Time Name

---- -- ---- ---------- --------- ----

1 Full 1055434 09-MAY-11 /u01/app/oracle/oradata/orcl/system01.dbf

2 Full 1055434 09-MAY-11 /u01/app/oracle/oradata/orcl/sysaux01.dbf

3 Full 1055434 09-MAY-11 /u01/app/oracle/oradata/orcl/undotbs01.dbf

4 Full 1055434 09-MAY-11 /u01/app/oracle/oradata/orcl/users01.dbf

5 Full 1055434 09-MAY-11 /u01/app/oracle/oradata/orcl/example01.dbf

6 Full 1055434 09-MAY-11 /u01/app/oracle/oradata/orcl/securetbs01.dbf

7 Full 1055434 09-MAY-11 /u01/app/oracle/oradata/orcl/securetbs201.dbf

RMAN> sql 'alter tablespace users offline';

sql statement: alter tablespace users offline

RMAN> restore tablespace users;

Starting restore at 09-MAY-11

using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00004 to /u01/app/oracle/oradata/orcl/users01.dbf

channel ORA_DISK_1: reading from backup piece /u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-03002: failure of restore command at 05/09/2011 23:44:07

ORA-19870: error while restoring backup piece /u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp

ORA-19913: unable to decrypt backup

ORA-28365: wallet is not open

RMAN> sql 'alter system set encryption wallet open identified by "Big2Recall"';

sql statement: alter system set encryption wallet open identified by "Big2Recall"

RMAN> restore tablespace securetbs;

Starting restore at 09-MAY-11

using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00006 to /u01/app/oracle/oradata/orcl/securetbs01.dbf

channel ORA_DISK_1: reading from backup piece /u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp

channel ORA_DISK_1: piece handle=/u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T233809_6wj2m1w7_.bkp tag=TAG20110509T233809

channel ORA_DISK_1: restored backup piece 1

channel ORA_DISK_1: restore complete, elapsed time: 00:00:01

Finished restore at 09-MAY-11

RMAN> recover tablespace securetbs;

Starting recover at 09-MAY-11

using channel ORA_DISK_1

starting media recovery

media recovery complete, elapsed time: 00:00:00

Finished recover at 09-MAY-11

RMAN> sql 'alter tablespace securetbs online';

sql statement: alter tablespace securetbs online

RMAN> sql 'alter tablespace users online';

sql statement: alter tablespace users online



The side effects of backup encrytion does not apply to other tablespace alone


RMAN> sql 'alter system set encryption wallet close identified by "Big2Recall"';

sql statement: alter system set encryption wallet close identified by "Big2Recall"

RMAN> backup as compressed backupset tablespace users;

Starting backup at 09-MAY-11

using channel ORA_DISK_1

channel ORA_DISK_1: starting compressed full datafile backup set

channel ORA_DISK_1: specifying datafile(s) in backup set

input datafile file number=00004 name=/u01/app/oracle/oradata/orcl/users01.dbf

channel ORA_DISK_1: starting piece 1 at 09-MAY-11

channel ORA_DISK_1: finished piece 1 at 09-MAY-11

piece handle=/u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T234702_6wj33pr3_.bkp tag=TAG20110509T234702 comment=NONE

channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01

Finished backup at 09-MAY-11

RMAN> sql 'alter tablespace users offline';

sql statement: alter tablespace users offline

RMAN> restore tablespace users;

Starting restore at 09-MAY-11

using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore

channel ORA_DISK_1: specifying datafile(s) to restore from backup set

channel ORA_DISK_1: restoring datafile 00004 to /u01/app/oracle/oradata/orcl/users01.dbf

channel ORA_DISK_1: reading from backup piece /u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T234702_6wj33pr3_.bkp

channel ORA_DISK_1: piece handle=/u01/app/oracle/fast_recovery_area/ORCL/backupset/2011_05_09/o1_mf_nnndf_TAG20110509T234702_6wj33pr3_.bkp tag=TAG20110509T234702

channel ORA_DISK_1: restored backup piece 1

channel ORA_DISK_1: restore complete, elapsed time: 00:00:01

Finished restore at 09-MAY-11

RMAN> recover tablespace users;

Starting recover at 09-MAY-11

using channel ORA_DISK_1

starting media recovery

media recovery complete, elapsed time: 00:00:00

Finished recover at 09-MAY-11

RMAN> sql 'alter tablespace users online';

sql statement: alter tablespace users online

RMAN> exit

Recovery Manager complete.

[oracle@vmxdb01 wallet]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Mon May 9 23:47:52 2011

Copyright (c) 1982, 2010, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select * from v$encryption_wallet;

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS

------------------

file

/u01/app/oracle/product/11.2.0.2/db_1/wallet

CLOSED