In a symmetric cryptosystem, the same key is used for encryption and decryption. Oracle has a solution to encrypt data on the wire.
To secure data transmission from client to server, we can make some configuration changes in the sqlnet.ora file.
First we look at network encryption from client to server. The easiest way to enable it is to change sqlnet.ora on the client side.
Below you can see some definitions in the client-side sqlnet.ora file. The client simply requests secure transmission from the server. If the server accepts it, network encryption starts automatically.
-----------
SQLNET.ENCRYPTION_CLIENT = Requested
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES128)
SQLNET.CRYPTO_CHECKSUM_CLIENT = Requested
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
----------
This works because the default value on the server side is
SQLNET.ENCRYPTION_SERVER = Accepted
If the server side is instead configured like this:
SQLNET.ENCRYPTION_SERVER = Rejected
you cannot start data encryption between client and server. Because your client configuration is in Requested mode, the connection is still created, but without encryption.
----------------
TRACE_LEVEL_CLIENT = 10
TRACE_DIRECTORY_CLIENT = C:\Users\u003475\Oracle\oradiag_u003475\diag\clients\user_u003475\host_389884333_11\trace
----------------
After changing the sqlnet.ora file, look at the trace files and search for the words "encryption is active".
If you find these words in the trace file, it means that you successfully started a secure connection between client and server.
----------------
Inside the trace file:
2014-07-03 15:08:21.586127 : nau_adi:exit
2014-07-03 15:08:21.586146 : na_tns: authentication is not active
2014-07-03 15:08:21.586166 : na_tns: encryption is active, using RC4_128
2014-07-03 15:08:21.586186 : na_tns: crypto-checksumming is not active
2014-07-03 15:08:21.586205 : na_tns:exit
2014-07-03 15:08:21.586224 : na_coco:exit
------------------
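The trace check described above can be automated. The following is an added example, not part of the original post: it compares the client settings with the na_tns status lines and reports when a requested service is not active or when the negotiated algorithm is not in the client's list. The function names are hypothetical, the sample input is constructed from the settings and trace lines shown on this page, and it assumes single-line parameters. It also handles Required, a mode Oracle supports that is not used above.

```python
import re

# Constructed sample input: the client settings and trace lines shown on this page.
SQLNET_ORA = """\
SQLNET.ENCRYPTION_CLIENT = Requested
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES128)
SQLNET.CRYPTO_CHECKSUM_CLIENT = Requested
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
"""
TRACE = """\
2014-07-03 15:08:21.586146 : na_tns: authentication is not active
2014-07-03 15:08:21.586166 : na_tns: encryption is active, using RC4_128
2014-07-03 15:08:21.586186 : na_tns: crypto-checksumming is not active
"""
STATUS = re.compile(r"na_tns:\s*(encryption|crypto-checksumming) is (not active|active)(?:, using (\S+))?")

def parse_sqlnet(text):
    """Return {PARAM: [VALUES]} for single-line 'NAME = value' or 'NAME = (a, b)' entries."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            params[name.strip().upper()] = [v.strip().upper() for v in value.strip(" ()").split(",") if v.strip()]
    return params

def parse_trace(text):
    """Return {service: algorithm, or None if not active}; the last status line wins."""
    seen = {}
    for m in STATUS.finditer(text):
        service, state, alg = m.groups()
        seen[service] = (alg or "UNKNOWN").upper() if state == "active" else None
    return seen

def audit(sqlnet_text, trace_text):
    """List mismatches between what the client asked for and what the trace reports."""
    params, seen = parse_sqlnet(sqlnet_text), parse_trace(trace_text)
    findings = []
    for service, prefix in (("encryption", "SQLNET.ENCRYPTION"), ("crypto-checksumming", "SQLNET.CRYPTO_CHECKSUM")):
        mode = (params.get(prefix + "_CLIENT") or ["ACCEPTED"])[0]  # Accepted is the default
        allowed = params.get(prefix + "_TYPES_CLIENT", [])
        active = seen.get(service)
        if mode in ("REQUESTED", "REQUIRED") and active is None:
            findings.append(f"{service}: {mode.lower()} by client but not active")
        elif active and allowed and active not in allowed:
            findings.append(f"{service}: active with {active}, allowed types are {', '.join(allowed)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SQLNET_ORA, TRACE)) or "trace matches client settings")
```

In Requested mode a mismatch does not stop the connection, so a check like this is the only signal that the session is not protected the way the client configuration asks.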