Oracle 19c cannot create master key
21-02-2021
Question
I cannot create a master key in Oracle 19c. I set the parameter in sqlnet.ora as follows:
WALLET_LOCATION=
(SOURCE=
(METHOD=file)
(METHOD_DATA=
(DIRECTORY=/opt/oracle/product/19c/db_home/admin/ALF/wallet/tde)))
I also set the parameter TDE_CONFIGURATION:
ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE" scope=both;
Then I restarted Oracle and ran the following commands:
alter session set container=CDB$ROOT;
administer key management create keystore identified by "mypassword";
administer key management set keystore OPEN identified by "mypassword";
And I tried to create the master key:
ADMINISTER KEY MANAGEMENT SET KEY USING TAG 'master key' IDENTIFIED BY "mypassword" WITH BACKUP USING 'masterbackup';
And I always get the following error:
ERROR at line 1:
ORA-28362: master key not found
Do you know how I can resolve this issue? I ran the commands as instructed. Thank you.
Solution
So what instructions did you follow?
Below is an example with your commands, where I did not use sqlnet.ora
at all, because it is optional in 19c:
SQL> !mkdir /u01/app/oracle/admin/MIN19_O71/wallet
SQL> alter system set wallet_root='/u01/app/oracle/admin/MIN19_O71/wallet' scope=spfile;
System altered.
SQL> startup force
ORACLE instance started.
Total System Global Area 1073737800 bytes
Fixed Size 8904776 bytes
Variable Size 297795584 bytes
Database Buffers 759169024 bytes
Redo Buffers 7868416 bytes
Database mounted.
Database opened.
SQL> alter system set tde_configuration="keystore_configuration=file" scope=both;
System altered.
SQL> administer key management create keystore identified by "mypassword";
keystore altered.
SQL> administer key management set keystore OPEN identified by "mypassword";
keystore altered.
SQL> !ls -l /u01/app/oracle/admin/MIN19_O71/wallet
total 0
drwxr-x---. 2 oracle oinstall 25 Dec 30 16:01 tde
SQL> !ls -l /u01/app/oracle/admin/MIN19_O71/wallet/tde
total 4
-rw-------. 1 oracle oinstall 2555 Dec 30 16:01 ewallet.p12
SQL> administer key management set key using tag 'master key' identified by "mypassword" with backup using 'masterbackup';
keystore altered.
SQL> !ls -l /u01/app/oracle/admin/MIN19_O71/wallet/tde
total 12
-rw-------. 1 oracle oinstall 2555 Dec 30 16:02 ewallet_2019123015024590_masterbackup.p12
-rw-------. 1 oracle oinstall 4171 Dec 30 16:02 ewallet.p12
SQL>
OTHER TIPS
To make your keystore auto-open, add the following steps:
ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE IDENTIFIED BY "mypassword";
keystore altered.
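To check the outcome of the steps in the posts above, the following queries show which directory the instance is using for the keystore, whether it is open, whether a master key is active, and whether the auto-login keystore is in effect. This is an added example, not part of the original posts; it uses the standard V$ENCRYPTION_WALLET and V$ENCRYPTION_KEYS views and assumes a SQL*Plus session in CDB$ROOT with SYSDBA or SYSKM privilege.

```sql
-- Added example (not from the original posts).
-- Assumption: SQL*Plus session in CDB$ROOT as SYSDBA or SYSKM.

-- 1. Parameters that decide where the keystore lives. With WALLET_ROOT set
--    and KEYSTORE_CONFIGURATION=FILE, the software keystore is expected in
--    the "tde" subdirectory of WALLET_ROOT (as in the ls output above).
SHOW PARAMETER wallet_root
SHOW PARAMETER tde_configuration

-- 2. Keystore state per container. Compare WRL_PARAMETER with the directory
--    that actually contains ewallet.p12.
SELECT con_id,
       wrl_type,
       wrl_parameter,
       status,
       wallet_type,          -- PASSWORD, AUTOLOGIN or LOCAL_AUTOLOGIN
       fully_backed_up,
       CASE status
         WHEN 'NOT_AVAILABLE'      THEN 'no keystore found at wrl_parameter'
         WHEN 'CLOSED'             THEN 'keystore exists but is not open'
         WHEN 'OPEN_NO_MASTER_KEY' THEN 'open, no master key has been set yet'
         WHEN 'OPEN'               THEN 'open with an active master key'
         ELSE 'see the V$ENCRYPTION_WALLET documentation'
       END AS meaning
FROM   v$encryption_wallet
ORDER  BY con_id, wallet_order;

-- 3. Master keys known to the open keystore. The tag given in
--    SET KEY USING TAG '...' appears in the TAG column.
SELECT con_id,
       tag,
       creation_time,
       activation_time,
       keystore_type,
       backed_up
FROM   v$encryption_keys
ORDER  BY creation_time;
```

After a successful SET KEY, the root container should report STATUS = OPEN and a row tagged 'master key' in V$ENCRYPTION_KEYS; after the auto-login keystore is created and the instance is restarted, WALLET_TYPE reports AUTOLOGIN.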