*******************************************************************************
* Description: Creating Oracle software keystore for TDE master encryption key
* Date: 00:08 PM EST, 08/03/2017
*******************************************************************************


<1> Oracle Software Keystore for TDE:
     |
     |__ o. TDE tablespace encryption uses a two-tiered, key-based architecture to transparently encrypt (and decrypt) tablespaces.
            The TDE master encryption key is stored in an external security module (software or hardware keystore). 
            This TDE master encryption key is used to encrypt the TDE tablespace encryption key, which in turn is used to encrypt and decrypt data in the tablespace.
	


<2> Configuring a Software Keystore [Wallet] and creating a TDE Master Encryption Key within the wallet:
     |
     |
     |__ o. Step 1 - Set the Software Keystore Location in the sqlnet.ora File:
     |       |
     |       |__ o. Add the ENCRYPTION_WALLET_LOCATION parameter to the sqlnet.ora file.
     |               
     |                       ENCRYPTION_WALLET_LOCATION=
     |                         (SOURCE=
     |                          (METHOD=FILE)
     |                           (METHOD_DATA=
     |                            (DIRECTORY=C:\APP\ORACLE\ADMIN\EMERALIT\WALLET)))
     | 
     |
     |
     |	 
     |__ o. Step 2 - Creating a Password-Based Software Keystore:
     |       |
     |       |__ SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 'C:\APP\ORACLE\ADMIN\EMERALIT\WALLET' IDENTIFIED BY password;
     |
     |                       keystore altered. File will be created ==> C:\app\oracle\admin\emeralit\wallet\ewallet.p12
     |
     |
     |
     |
     |__ o. Step 3 - Open the Software Keystore:
     |       |
     |       |__ SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY password;
     |
     |                       keystore altered.
     |			
     |
     |
     |	 
     |__ o. Step 4 - Set the Software TDE Master Encryption Key within WALLET:
             |
             |__ o. Database must be in "READ WRITE" mode.
             |
             |__ o. "WITH BACKUP" creates a backup of the keystore. You must use this option for password-based keystores. 
             |      Optionally, you can use the USING clause to add a brief description of the backup. 			 
             |
             |__ SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY password WITH BACKUP USING 'EMP_KEY_BACKUP';		
             |
             |               keystore altered. File will be created ==> C:\app\oracle\admin\emeralit\wallet\ewallet_2017080315193302_EMP_KEY_BACKUP.p12	 
             |			 
             |
             |__ SQL> select * from v$encryption_wallet;

                             WRL_TYPE       WRL_PARAMETER                            STATUS          WALLET_TYPE          WALLET_OR FULLY_BAC     CON_ID
                             -------------- ---------------------------------------- --------------- -------------------- --------- --------- ----------
                             FILE           C:\APP\ORACLE\ADMIN\EMERALIT\WALLET      OPEN            PASSWORD             SINGLE    NO                 0			 
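
An added example, not part of the original notes: a Python check that reads the ENCRYPTION_WALLET_LOCATION entry from Step 1 and confirms that the files Steps 2 and 4 should create are present in that directory. The function names and the temporary directory used as sample input are assumptions of this example; the backup file pattern follows the file name shown in Step 4.

```python
import re, tempfile
from pathlib import Path

BACKUP_RE = re.compile(r"ewallet_\d+(_.+)?\.p12$", re.I)  # pattern taken from the Step 4 file name

def parse_wallet_location(sqlnet_text):
    """Return (METHOD, DIRECTORY) from ENCRYPTION_WALLET_LOCATION, or None if it is not set."""
    text = "\n".join(l for l in sqlnet_text.splitlines() if not l.lstrip().startswith("#"))
    m = re.search(r"ENCRYPTION_WALLET_LOCATION\s*=\s*\(", text, re.I)
    if not m:
        return None
    start, depth = m.end() - 1, 0
    for i in range(start, len(text)):          # walk to the matching close parenthesis
        depth += (text[i] == "(") - (text[i] == ")")
        if depth == 0:
            break
    else:
        raise ValueError("unbalanced parentheses in ENCRYPTION_WALLET_LOCATION")
    value = text[start:i + 1]
    method = re.search(r"\(\s*METHOD\s*=\s*([^()\s]+)\s*\)", value, re.I)
    directory = re.search(r"\(\s*DIRECTORY\s*=\s*([^()]+?)\s*\)", value, re.I)
    return (method.group(1).upper() if method else None,
            directory.group(1) if directory else None)

def audit_keystore(sqlnet_text):
    """List what is missing compared with the state Steps 1, 2 and 4 should leave behind."""
    loc = parse_wallet_location(sqlnet_text)
    if loc is None:
        return ["ENCRYPTION_WALLET_LOCATION is not set"]
    method, directory = loc
    if method != "FILE" or not directory:
        return ["expected METHOD=FILE with a DIRECTORY, got %r" % (loc,)]
    wallet = Path(directory)
    if not wallet.is_dir():
        return ["keystore directory does not exist: %s" % directory]
    names = [p.name for p in wallet.iterdir()]
    findings = []
    if not any(n.lower() == "ewallet.p12" for n in names):
        findings.append("ewallet.p12 missing (Step 2 not run?)")
    if not any(BACKUP_RE.match(n) for n in names):
        findings.append("no keystore backup found (Step 4 WITH BACKUP not run?)")
    return findings

def demo():
    """Constructed sample: a temp directory standing in for the wallet directory."""
    with tempfile.TemporaryDirectory() as d:
        sqlnet = "ENCRYPTION_WALLET_LOCATION=\n (SOURCE=\n  (METHOD=FILE)\n   (METHOD_DATA=\n    (DIRECTORY=%s)))\n" % d
        before = audit_keystore(sqlnet)
        Path(d, "ewallet.p12").write_bytes(b"")  # placeholder, not a real keystore
        Path(d, "ewallet_2017080315193302_EMP_KEY_BACKUP.p12").write_bytes(b"")
        return before, audit_keystore(sqlnet)

if __name__ == "__main__":
    print(demo())
```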

								 
	
