把wallet删除后,再去建立master key ,怎么都会报这个错:
SYS@PRODCDB> ADMINISTER KEY MANAGEMENT SET KEY FORCE KEYSTORE IDENTIFIED BY welcome WITH BACKUP USING 'emp_key_backup';
ADMINISTER KEY MANAGEMENT SET KEY FORCE KEYSTORE IDENTIFIED BY welcome WITH BACKUP USING 'emp_key_backup'
*
ERROR at line 1:
ORA-28374: typed master key not found in wallet
看起key又是打开的:
SYS@PRODCDB> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID
-------------------- ---------------------------------------- ------------------------------ -------------------- --------- -------- --------- ----------
FILE /u01/app/oracle/admin/PRODCDB/wallet/tde OPEN AUTOLOGIN SINGLE NONE NO 1
/
FILE OPEN AUTOLOGIN SINGLE UNITED NO 2
FILE OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNITED UNDEFINED 3
FILE OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNITED UNDEFINED 4
FILE OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNITED UNDEFINED 5
FILE OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNITED UNDEFINED 6
FILE OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNITED UNDEFINED 7
看到文件也在:
SYS@PRODCDB> ! ls -ltr /u01/app/oracle/admin/PRODCDB/wallet/tde
total 24
-rw------- 1 oracle oinstall 2555 Jul 1 16:42 ewallet_2023070108425878_emp_key_backup.p12
-rw------- 1 oracle oinstall 3995 Jul 1 17:00 ewallet_2023070109000658_emp_key_backup.p12
-rw------- 1 oracle oinstall 5259 Jul 1 17:00 ewallet.p12
-rw------- 1 oracle oinstall 5304 Jul 1 17:00 cwallet.sso
[oracle@host01 ~]$ mkstore -wrl /u01/app/oracle/admin/PRODCDB/wallet/tde -list
Oracle Secret Store Tool Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Oracle Secret Store entries:
ORACLE.SECURITY.DB.ENCRYPTION.AcLME5Ggw0/4v3z+F1RlOT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.ASRTt1QQ9U/Pv0D1tZqSLo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
ORACLE.SECURITY.ID.ENCRYPTION.
ORACLE.SECURITY.KB.ENCRYPTION.
ORACLE.SECURITY.KM.ENCRYPTION.AcLME5Ggw0/4v3z+F1RlOT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.KM.ENCRYPTION.ASRTt1QQ9U/Pv0D1tZqSLo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[oracle@host01 ~]$ orapki wallet display -wallet /u01/app/oracle/admin/PRODCDB/wallet/tde
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
Subject: CN=oracle
User Certificates:
Oracle Secret Store entries:
ORACLE.SECURITY.DB.ENCRYPTION.AcLME5Ggw0/4v3z+F1RlOT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.ASRTt1QQ9U/Pv0D1tZqSLo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
ORACLE.SECURITY.ID.ENCRYPTION.
ORACLE.SECURITY.KB.ENCRYPTION.
ORACLE.SECURITY.KM.ENCRYPTION.AcLME5Ggw0/4v3z+F1RlOT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.KM.ENCRYPTION.ASRTt1QQ9U/Pv0D1tZqSLo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Trusted Certificates:
SYS@PRODCDB> select con_id,ENCRYPTEDKEY , RAWTOHEX(mkid) mkeyid from x$kcbdbk;
CON_ID ENCRYPTEDKEY MKEYID
---------- ------------------------------------------------------------------------------------------------ --------------------------------
1 5634E595A9BD2A17F6A243F0A3EA63810000000000000000000000000000000000000000000000000000000000000000 5377FBDFF99B4FCDBF9F86F21AB57C66
2 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000
3 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000
4 4A80D1D0B7243E1764B46D115018E883A68F58BEDE2BEE752A7E8B3DE3FC86F000000000000000000000000000000000 F50196F292AE4F67BF932FD30A612B30
5 1B82ED79AE04D9662BD123CDF36A79500000000000000000000000000000000000000000000000000000000000000000 0C1AAA8578F14F4FBF89BE45537B7B71
6 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000
7 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000
7 rows selected.
SYS@PRODCDB> show parameter root
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
wallet_root string /u01/app/oracle/admin/PRODCDB/wallet
SYS@PRODCDB> show parameter tde_
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
tde_configuration string keystore_configuration=file
|