Want to understand (probably with test cases) how the reset of the master encryption key works, as we want to rotate the master encryption key regularly (we also need to test database refresh and restore with a change in master keys). The database is opened with the old keys instead of the new keys. There is also no change in the activation_time.

Did a small test by misplacing the wallet and then restoring the old key from the backup. The activation_time of the key is the same as the creation_time of the existing key. The command is executed successfully, but the new key is not visible in V$ENCRYPTION_KEYS or in V$DATABASE_KEY_INFO. Only tablespace encryption is enabled at the moment.

Backup of the encryption keys (ewallet.p12 & cwallet.sso) is taken on another filesystem which has a regular backup.

For reset of the master encryption key of the database, the following command is used:

ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD FORCE KEYSTORE IDENTIFIED BY "xxxxxxxxxxxxxxxxxxxxx" SET "yyyyyyyyyyyyyyyyyyyyy" WITH BACKUP USING 'NEWKEY_REF'

My understanding of the PASSWORD_VERIFY_FUNCTION in Oracle is that the function only restricts the password criteria when the user changes his or her own password.

TDE is enabled, Wallet_location is in ASM, software keystore is configured and auto-login is created.

I am considering making a recommendation to enforce a password verify function that will not allow users to change their own passwords.