My Oracle Support Banner

TDE 12c : Frequently Asked Questions (Doc ID 2253348.1)

Last updated on MARCH 12, 2021

Applies to:

Advanced Networking Option - Version 12.1.0.1 and later
Information in this document applies to any platform.

Purpose

 This note gives quick information about the do's and don'ts in 12c TDE.

Questions and Answers

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Questions and Answers
 Quick TDE Setup
 Creating an auto login and local auto login keystore
 Changing the password of the keystore
 Backing up the keystore
 Password Based keystore
 Hardware keystore
 Auto-login/local auto-login kesytore (cwallet.sso file)
 SYSKM administrative privilege
 Are orapki commands to manage TDE keystores still supported?
 Are "alter system set encryption key....." commands to perform fresh TDE configuration in a fresh 12c database supported?
 How to list the contents of the keystore when the keystore resides on ASM? "mkstore" command fails if executed on the ASM keystore.
 Can a TDE keystore be deleted and recreated in 12c?
 Mapping ALTER SYSTEM and orapki commands in 11g with AKM commands in 12c:
 Can the existing tablespaces and databases be encrypted and Decrypted?
 How to copy the wallet file from the primary to the standby server if the wallet is present on ASM?
 Can we delete the old master keys from the TDE keystore?
 Will exporting the master key from a keystore delete the master key(s) from it?
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.