Results 1 to 2 of 2
  1. #1
    Join Date
    Jan 2004
    Posts
    28

    Unanswered: Creating an encrypted tablespace in 11g

    Greetings,
    I have a single oracle installation with one oracle home and I have 2 database instances on that machine one DEV and one TEST. I created an encryption wallet in a shared location and opened it in DEV. I then created an encrypted tablespace in DEV and created several tables in it. I then went to TEST and opened the same wallet and it opened fine. I went to create a tablespace using the same script I used for DEV only pointing to a datafile in TEST and get the following error.

    SQL> CREATE TABLESPACE tep_data_ts
    DATAFILE '/oradata/TESTDB/tep_data_ts01.dbf'
    SIZE 150M
    ENCRYPTION
    DEFAULT STORAGE(ENCRYPT);
    CREATE TABLESPACE tep_data_ts
    *
    ERROR at line 1:
    ORA-28374: typed master key not found in wallet

    This worked in DEV just fine with the same wallet. I created the key in DEV then just opened the wallet in TEST. Does this error mean that when the wallet was created it was created specific to DEV and cannot be used in any other instance? If so is there a way I can create the key to be used in multiple instances? Or do I have to create a separate key for each instance? I'm having trouble finding documentation on this so anyone with knowledge or who's tried this before any help would be appreciated. Thanks!

  2. #2
    Join Date
    Feb 2006
    Posts
    173
    Provided Answers: 1
    I obviously don't know the complete details of your installation but check out this manual: Managing Keystores, Wallets, and Certificates - 11g Release 1 (11.1.1)
    8.3.1.1 Sharing Keystores Across Instances

    Oracle recommends that you do not share keystores between component instances or Oracle instances, since each keystore represents a unique identity.
    The exception to this is an environment with a cluster of component instances, in which case keystore sharing would be an acceptable practice.
    Note that no management tools or interfaces are available to facilitate keystore sharing. However, you can export a keystore from one instance and import it into another instance.

    8.4.1.3 Sharing Wallets Across Instances

    Oracle recommends that you do not share wallets between component instances or Oracle instances, since each wallet represents a unique identity.
    The exception to this is an environment with a cluster of component instances, in which case wallet sharing would be an acceptable practice.
    Note that no management tools or interfaces are available to facilitate wallet sharing. However, you can export a wallet from one instance and import it into another instance. See Section 8.4.4 for details of wallet export and import.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •