Oracle 19c cannot create master key

dba.stackexchange https://dba.stackexchange.com/questions/256485

Question

I cannot create master key in oracle 19c... I set parameter in sqlnet.ora like as:

WALLET_LOCATION=
  (SOURCE=
    (METHOD=file)
    (METHOD_DATA=
       (DIRECTORY=/opt/oracle/product/19c/db_home/admin/ALF/wallet/tde)))

Also set parameter TDE_CONFIGURATION:

ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE" scope=both;

After I restart oracle and performed following commands:

  1. alter session set container=CDB$ROOT;

  2. administer key management create keystore identified by "mypassword";

  3. administer key management set keystore OPEN identified by "mypassword";

And tried to create master key:

  1. ADMINISTER KEY MANAGEMENT SET KEY USING TAG 'master key' IDENTIFIED BY "mypassword" WITH BACKUP USING 'masterbackup';

And I always get following error:

ERROR at line 1:
ORA-28362: master key not found

Do you know, how I resolve this issue? Although, I performed commands by instruction... Thank you.

Was it helpful?

Solution

So what instructions did you follow?

Below is an example with your commands, where I did not use sqlnet.ora at all, because it is optional in 19c:

SQL> !mkdir /u01/app/oracle/admin/MIN19_O71/wallet

SQL> alter system set wallet_root='/u01/app/oracle/admin/MIN19_O71/wallet' scope=spfile;

System altered.

SQL> startup force
ORACLE instance started.

Total System Global Area 1073737800 bytes
Fixed Size                  8904776 bytes
Variable Size             297795584 bytes
Database Buffers          759169024 bytes
Redo Buffers                7868416 bytes
Database mounted.
Database opened.
SQL> alter system set tde_configuration="keystore_configuration=file" scope=both;

System altered.

SQL> administer key management create keystore identified by "mypassword";

keystore altered.

SQL> administer key management set keystore OPEN identified by "mypassword";

keystore altered.

SQL> !ls -l /u01/app/oracle/admin/MIN19_O71/wallet
total 0
drwxr-x---. 2 oracle oinstall 25 Dec 30 16:01 tde

SQL> !ls -l /u01/app/oracle/admin/MIN19_O71/wallet/tde
total 4
-rw-------. 1 oracle oinstall 2555 Dec 30 16:01 ewallet.p12

SQL> administer key management set key using tag 'master key' identified by "mypassword" with backup using 'masterbackup';

keystore altered.

SQL> !ls -l /u01/app/oracle/admin/MIN19_O71/wallet/tde
total 12
-rw-------. 1 oracle oinstall 2555 Dec 30 16:02 ewallet_2019123015024590_masterbackup.p12
-rw-------. 1 oracle oinstall 4171 Dec 30 16:02 ewallet.p12

SQL>

OTHER TIPS

To make your key store auto open add following steps:

ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE IDENTIFIED BY "mypassword";

keystore altered.

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange
scroll top