Question

I'm looking for more information about the utility MKSTORE that can be used for creating and modifying a Wallet. I would like to know things like what the -createALO option is and what the difference is between -createSSO and -createLSSO. A link to the information would be fine or a document number on MOS. My goal is to script the Wallet creation and am wondering if these options can help me in any way.

Solution

General Information about Oracle Wallet is in the Advanced Security Guide.

This is the link to managing wallets from the command line using the general orapki tool.

This is the link to managing wallets using the MKSTORE command specific to credentials storage.

*add

Here is some Q&A on the steps on AskTom. He also notes an Oracle bug 4395883 that can affect using connect identifiers 4, 8 or 12 bytes in length.

Here is a blog entry that contains a script for rapidly creating wallet entries. Another entry on that blog about the bug above.

Another blog entry about the whole process.

-createSSO means autologin (aka no password required)

-createLSSO means -auto_login_local (require the hostname matches where the wallet was created)

-createALO means -auto_login_only (require the hostname and the user the wallet was created on/under to match)

This does not appear to be documented under mkstore but is documented under orapki, which is a companion utility. Note that the auto_login_local security feature can be spoofed and offers little additional protection. Search the web and you can find more details about why auto_login_local is ineffective.

https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoappf.htm#ASOAG9833

OTHER TIPS

My goal with this question was to determine how mkstore could be scripted. Here is the method I came up with using PowerShell. Here are the requirements:

  1. PowerShell is installed.
  2. Scripting is enabled (Set-ExecutionPolicy RemoteSigned run as administrator).
  3. The script is in c:\oracle\WalletCreator.
  4. Wasp.dll from Windows Automation Snapin for PowerShell is located in the script folder.

The wallet will be created in c:\oracle\Wallets. Here is the script.

Import-Module c:\oracle\WalletCreator\WASP.dll

$WalletCreated = 0

cls
Write-Host "                                                           " -foregroundcolor White -backgroundcolor DarkRed
Write-Host "   Warning: This script will delete your current wallet.   " -foregroundcolor White -backgroundcolor DarkRed
Write-Host "                                                           " -foregroundcolor White -backgroundcolor DarkRed

do {
    #Get credentials
    Write-Host " " 
    Write-Host " New Wallet Entry                                          " -foregroundcolor White -backgroundcolor DarkGreen
    Write-Host "    To exit press return without entering anything.        " -foregroundcolor White -backgroundcolor DarkGreen
    $DB = Read-Host "Connection Name"
    if ($DB -eq "") {
       Return
    }
    $Username = Read-Host "       Username"
    if ($Username -eq "") {
       Return
    }
    $Password = Read-Host -AsSecureString "       Password" 

    #Convert from SecureString to String, then zero and free the unmanaged copy.
    $BasicString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BasicString)
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BasicString)
    if ($Password -eq "") {
       Return
    }

    if ($WalletCreated -eq 0) {
        #Create folder in case it doesn't exist.
        md c:\oracle\Wallets -Force | Out-Null

        #Delete any wallet in the folder now.
        del c:\oracle\Wallets\*.* | Out-Null

        #Get GUID for wallet password.
        $WalletPassword = [guid]::NewGuid().toString()
        $WalletPassword = $WalletPassword + "`r"

        #Create Wallet.
        Start-Process -FilePath mkstore -ArgumentList "-wrl c:\oracle\Wallets\ -create"
        Start-Sleep -Milliseconds 500
        Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
        Start-Sleep -Milliseconds 300
        Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword

        $WalletCreated = 1
        Start-Sleep -Milliseconds 1000
    }

    #Create Credential.
    $CC = "-wrl c:\oracle\Wallets\ -createCredential " + $DB + " " 
    $CC = $CC + $Username + " " + $Password
    Start-Process -FilePath mkstore -ArgumentList $CC
    Start-Sleep -Milliseconds 300
    Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
    Start-Sleep -Milliseconds 1000
} 
until ($DB -eq "")
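
The same wallet and credential creation without Send-Keys and without the database password on the mkstore command line, as an added example that is not part of the original answers. It assumes mkstore is on PATH and reads its password prompts from redirected standard input; Invoke-MkStore and ConvertTo-PlainText are helper names introduced here.

```powershell
# Added example, not the answer author's script.
# Assumption: mkstore is on PATH and reads its prompts from redirected stdin.
$WalletDir = 'c:\oracle\Wallets'                 # folder used by the script above

function ConvertTo-PlainText([securestring]$Secure) {
    # NetworkCredential unwraps a SecureString without manual BSTR handling.
    (New-Object System.Net.NetworkCredential('', $Secure)).Password
}

function Invoke-MkStore([string[]]$Arguments, [string[]]$PromptAnswers) {
    # Each answer becomes one line on mkstore's stdin, so no secret appears in the
    # process command line and no keystrokes are sent to another window.
    $output = $PromptAnswers | & mkstore @Arguments 2>&1
    return ($output | Out-String)
}

# 1. Refuse to reuse a folder that already holds a wallet, then restrict it to the current user.
if (Test-Path (Join-Path $WalletDir 'ewallet.p12')) { throw "A wallet already exists in $WalletDir" }
New-Item -ItemType Directory -Path $WalletDir -Force | Out-Null
& icacls $WalletDir /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(OI)(CI)F" | Out-Null

# 2. Create the wallet; mkstore asks for the wallet password twice.
$WalletPassword = [guid]::NewGuid().ToString()   # same generation scheme as the script above
Invoke-MkStore @('-wrl', $WalletDir, '-create') @($WalletPassword, $WalletPassword) | Out-Null
if (-not (Test-Path (Join-Path $WalletDir 'ewallet.p12'))) {
    throw "mkstore did not create a wallet in $WalletDir"
}

# 3. Add one credential. With the password left off the argument list, mkstore
#    prompts for the secret twice and then for the wallet password.
$DB       = Read-Host 'Connection Name'
$Username = Read-Host '       Username'
$Secret   = ConvertTo-PlainText (Read-Host -AsSecureString '       Password')
Invoke-MkStore @('-wrl', $WalletDir, '-createCredential', $DB, $Username) `
               @($Secret, $Secret, $WalletPassword) | Out-Null
$Secret = $null

# 4. Confirm the entry was stored instead of assuming the prompts lined up.
$listing = Invoke-MkStore @('-wrl', $WalletDir, '-listCredential') @($WalletPassword)
if ($listing -notmatch [regex]::Escape("$DB $Username")) {
    throw "Credential for $DB was not found in the wallet"
}
Write-Host "Stored credential for $DB in $WalletDir"
```

As in the script above, the generated wallet password is never displayed, so the wallet cannot be modified later unless the script is changed to record it somewhere protected.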
Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange