DPM2012SP1 Data Encryption PROBLEM

Similar Messages

• Listener Start Problem with TDE (Transparent Data Encryption)

  i am testing Transparent Data Encryption in Oracle 10g by using the following link
  http://oracle-base.com/articles/10g/TransparentDataEncryption_10gR2.php
  Before Implementing the TDE listener was running fine but after implementation of TDE the listener was unable to start
  Please check the steps which i follow
  Step1-
  specify the ENCRYPTION_WALLET_LOCATION parameter in the sqlnet.ora file, now SQLNET.ora file looks like the following
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  ENCRYPTION_WALLET_LOCATION=
  (SOURCE=(METHOD=FILE)(METHOD_DATA=
  (DIRECTORY=D:\oracle\product\10.2.0\wallet\)))
  please check the contents of listener.ora file,i didn't make any configuration changes for listener before or after implementation of TDE
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = D:\oracle\product\10.2.0\db_1)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (ADDRESS = (PROTOCOL = TCP)(HOST = shakeel-pc.lhr.inov8.com.pk)(PORT = 1521))
  Step2-
  CONN sys/password AS SYSDBA
  ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "myPassword";
  TDE implemented successfuly implemented.
  But when i try to stop/start listener
  C:\>lsnrctl status
  LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44
  :30
  Copyright (c) 1991, 2005, Oracle. All rights reserved.
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
  STATUS of the LISTENER
  Alias LISTENER
  Version TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Produ
  ction
  Start Date 05-JUN-2008 22:40:14
  Uptime 0 days 7 hr. 4 min. 16 sec
  Trace Level off
  Security ON: Local OS Authentication
  SNMP OFF
  Listener Parameter File D:\oracle\product\10.2.0\db_1\network\admin\listener.o
  ra
  Listener Log File D:\oracle\product\10.2.0\db_1\network\log\listener.log
  Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1ipc)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=shakeel-pc.lhr.inov8.com.pk)(PORT=15
  21)))
  Services Summary...
  Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
  Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
  Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
  Service "orcl_XPT" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
  The command completed successfully
  C:\>lsnrctl stop
  LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44
  :35
  Copyright (c) 1991, 2005, Oracle. All rights reserved.
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
  The command completed successfully
  C:\>lsnrctl start
  [i]LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44
  :40
  Copyright (c) 1991, 2005, Oracle. All rights reserved.
  Starting tnslsnr: please wait...
  TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
  System parameter file is D:\oracle\product\10.2.0\db_1\network\admin\listener.or
  a
  Log messages written to D:\oracle\product\10.2.0\db_1\network\log\listener.log
  Error listening on: (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PARTIAL=yes)(QUEUESI
  ZE=1))
  No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\E
  XTPROC1ipc)))
  TNS-12560: TNS:protocol adapter error
  TNS-00583: Valid node checking: unable to parse configuration parameters
  Listener failed to start. See the error message(s) above...
  To start the listener i have to close wallet as
  1- SQL>conn sys as sysdba
  ALTER SYSTEM SET WALLET CLOSE;
  2- Replace the SQLNET.ora file as previous ,now SQLNET.ora contains
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  Now if i start the listener then the listener was started succesfuly
  Please suggest why listener is not being start with TDE?

  I have the same problem. I'm testing TDE using Oracle 11gR1. After setting the parameter encryption_wallet_location and restart the listener, the listener failed to start. The error is exactly the same
  TNS-12560: TNS:protocol adapter error
  TNS-00583: Valid node checking: unable to parse configuration parameters
  By removing the parameter encryption_wallet_location, the listner can be started successfully.
  Anyone can help?

• Data Encryption : Length of the result data in RAW

  Hello,
  I am pretty new in data encryption, and in 10g, I use package DBMS_CRYPTO.
  I have no problem with that.
  I want to save to encrypted data in a table.
  I think about using RAW columns.
  The origine strings are saved into VARCHAR2(4000).
  How can I roughly compute and figure out the number of RAWs resulting of the encryption? Is there a kind of formula ?
  Is this connected with the length of the encryption key?
  Thanks a lot,
  Olivier

  Hi Murali,
  Thanks for your reply.
  Yes that's why I found it was weird.
  I always have a nice pop up window when click "Data Mart Status of The Request"...
  usually.
  It also didn't happen to all ODS/Cube,
  some of it still shows a nice pop up window,
  for loading using InfoPackage or DTP.
  So it's not a system problem... there's still pop up window.
  However in particular ODS/Cube,
  the symbol is correct - that data has been loaded,
  but there's no Pop Up window.

• SQL Server Transparent Data encryption

  I have implemented TDE for the Database and Column Level Encryption for Sensitive data in Tables. But, the Porblem is the data is entered through an front end application how could i encrypt this data when it is inserted from the Front end. And how to decry-pt
  this data for the users when it is selected.
  Your suggestions are most valuable.
  Reagrds
  Rehaan Khan
  RehaanKhan. M

  Let me start with a solution that may have been overlooked, but it is good to make sure we cover it. Have you considered using column-level permissions? It may not be a complete solution for your particular scenario if you need to give access to the column
  for other reasons (after all, the group you are trying to restrict is probably developing applications on top of the column storing sensitive data) or if the developer group has permission to create objects that would render the sensitive data subject to ownership
  chains. For more information on column-permissions look at
  http://msdn.microsoft.com/en-us/library/ms186915.aspx
  Assuming permissions alone will not solve the problem. By using encryption you should be able to limit access to the sensitive data to the developers, but it will also require some changes to your schema & application. TDE (Transparent Data Encryption)
  will not help you in this scenario since you need to restrict access to the data and restricting access to the column is not sufficient.
  The following links may be useful to get you started with SQL Encryption capabilities:
  SQL Server Encryption (http://msdn.microsoft.com/en-us/library/bb510663.aspx)
  Data Encryption in SQL Server (http://msdn.microsoft.com/en-us/library/bb669072(v=vs.110).aspx)
  Encrypt a Column of data (http://msdn.microsoft.com/en-us/library/ms179331.aspx)
  Cryptographic Functions (T-SQL) (http://msdn.microsoft.com/en-us/library/ms173744.aspx)
  Older articles, but they may still be quite useful:
  Indexing encrypted Data (http://blogs.msdn.com/b/raulga/archive/2006/03/11/549754.aspx)
  SQL Server 2005: searching encrypted data (http://blogs.msdn.com/b/lcris/archive/2005/12/22/506931.aspx)
  One recommendation may be to encrypt the data using an AES key, and protect the key using one or more certificates (I would recommend using a separate certificate per individual if possible), making sure that only authorized people have access to the keys.
  Anyone else with access to the column, but not to the keys would not be able to decrypt the data.
  BTW. I would also recommend using SQL Auditing (http://msdn.microsoft.com/en-us/library/cc280386.aspx) in order to keep honest people honest, by monitoring access to the keys & to the
  sensitive data.
  I hope this information helps,
  -Raul Garcia
  SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Tablespace data encryption

  HI ,
  i was reading about the tablespace data encryption in oracle applications 11i.so i have certain doubts.please clear my doubts.
  * Is it necessary that the whenever we startup the database we need to open the wallet in order to allow the users to access the table data or privileged users will be capable of accessing the table data
  * How the privileged users will be getting authenticated to access the table data
  Normally when we encrpt the create the wallet is it necessary that we should encrypt the table data
  What is the purpose of opening the wallet.If we open the wallet is it necessary that we have to decrpt the table data or opening the wallet i more enough to aoolow the users to access the table data
  please clear my confusions
  Regards
  Aram

  Hi Rajeesh,
  Thanks for the link to the tutorial. I went through the steps and got to the part where you actually create the encrypted tablespace. I skipped the column encryption since I will not be using that method. The tablespace creation failed via EM as it has before so I tried it at the command prompt as directed in the tutorial. It failed as well as it has before:
  SQL> create tablespace obe datafile '/u01/oradata/test/obe.dbf' size 100M
  2 encryption default storage (encrypt);
  create tablespace obe datafile '/u01/oradata/test/obe.dbf' size 100M
  ERROR at line 1:
  ORA-28374: typed master key not found in wallet
  I suspect re-keying will fail as well. Are there additional log files with more detail in them that might hint at the problem?
  Thanks.
  Dan.

• Data Encryption fail

  I install ESM 3-5-035 on Win2003 R2 SP2, and config a policy.
  When I config Data-Encryption , it show "Encryption in not allowed when
  Removable Storage is set as read-only or disabled", I reconfig Removeable
  Storage from "Read-Only Access" to "Allow All Access" in [Storage Device
  Control].
  But I reconfig Data-Encryption, it still show the same message.....
  What step do I forget ??
  Wyld

  wyldkao,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Data Encryption - Removable Storage - User-Defined Password

  Hello,
  we are testing Data encryption for USB Storage and want "Enable encryption via user-defined password" to the entire device.
  But this is not working.
  When i select "Apply password encryption to this folder only" and copy files to the specified folder, i got asked, which password i want to use and it works fine on the 2nd device without Endpoint Security Client to decrypt the files.
  But reselect "Apply password encryption to the entire device" i got no prompt to set a password, neither i can open the files on the 2nd device.
  I tried a lot. Formatting the USB Device (multiple times), clean the RSD Password, rebooting the devices, but nothing works.
  Can someone confirm this issue or better give a solution?! )
  BR

  sprause,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Sensitive Data Encryption

  hi
  i encrypt my new key in Put key command using data encryption session key with using TripleDES.
  but only the first 8 bytes of the result are expected value for put key data field.
  do you know what value shall be assigned to last 8 bytes of my encrypted key for PUT key command?

  i solved problem with splitting new key
  and TripleDES on first and second 8 bytes.

• Date popup problem in APEX 3.1

  Hi
  I have a date picker (DD-MM-YYYY HH24:MI) and after upgrading to APEX 3.1 from APEX 3.0.1 the popup window height is too small.
  The end user is having to resize the window to click on the OK button.
  Is there a file I can edit to increase the height, couldnt find it in templates/themes.
  Regards
  Adam

  Hi Adam,
  This is a bug in APEX 3.1. It was discussed here:
  Apex 3.1 Upgrade Issue - dba_lock and date picker display
  and here:
  Date Picker problem in Apex 3.1
  I'll let Carl investigate and provide an official response and recommendation. Although I know where this problem is occurring.
  The size of the popup calendar window is hard-wired in the file apex/images/javascript/apex_3_1.js. In APEX 3.0, the size of the popup window was determined programatically at runtime and was a function of the date format, if it included a time component or not.
  The uncompressed, readable version of this same file is in apex/images/javascript/uncompressed/apex_3_1.js. Look for p_DatePicker and you'll see what I'm talking about. You'll see the height is hard-wired to 210 and width to 258. In APEX 3.0, the height was set to 255 if the date format contained a time component.
  So my suggestion, until Carl provides an official response, is to look for '210' in apex/images/javascript/apex_3_1.js and change this to 255. Granted, all calendar popup windows will be this big, but it won't put as great a burden on the end-user.
  I hope this helps.
  Joel

• ORA-01403: no data found Problem when using AUTOMATIC ROW FETCH to populate

  ORA-01403: no data found Problem when using AUTOMATIC ROW FETCH to populate a form.
  1) Created a FORM on EMP using the wizards. This creates an AUTOMATIC ROW FETCH
  TABLE NAME - EMP
  Item Containing PRIMARY KEY - P2099_EMPNO
  Primary key column - EMPNO
  By default the automatic fetch has a ‘Process Error Message’ of ‘Unable to fetch row.’
  2) Created a HTML region. Within this region add
  text item P2099_FIND_EMPNO
  Button GET_EMP to submit
  Branch Modified the conditional branch created during button creation to set P2099_EMPNO with &P2099_FIND_EMPNO.
  If I then run the page, enter an existing employee number into P2099_EMPNO and press the GET_EMP button the form is populated correctly. But if I enter an employee that does not exist then I get the oracle error ORA-01403: no data found and no form displayed but a message at the top of the page ‘Action Processed’.I was expecting a blank form to be displayed with the message ‘Unable to fetch row.’
  I can work around this by making the automated fetch conditional so that it checks the row exists first. Modify the Fetch row from EMP automated fetch so that it is conditional
  EXIST (SQL query returns at least one row)
  select 'x'
  from EMP
  where EMPNO = :P2099_EMPNO
  But this means that when the employee exists I must be fetching from the DB twice, once for the condition and then again for the actual row fetch.
  Rather than the above work around is there something I can change so I don’t get the Oracle error? I’m now wondering if the automatic row fetch is only supposed to be used when linking a report to a form and that I should be writing the fetch process manually. The reason I haven’t at the moment is I’m trying to stick with the automatic wizard generation as much as I can.
  Any ideas?
  Thanks Pete

  Hi Mike,
  I've tried doing that but it doesn't seem to make any difference. If I turn debug on it shows below.
  0.05: Computation point: AFTER_HEADER
  0.05: Processing point: AFTER_HEADER
  0.05: ...Process "Fetch Row from EMP": DML_FETCH_ROW (AFTER_HEADER) F|#OWNER#:EMP:P2099_EMPNO:EMPNO
  0.05: Show ERROR page...
  0.05: Performing rollback...
  0.05: Processing point: AFTER_ERROR_HEADER
  I don't really wan't the error page, either nothing with the form not being populated or a message at the top of the page.
  Thanks Pete

• Need suggestion for data encryption

  Hello Experts,
  I need your expert opinion on one of the data encryption method. We have some legal compliance to implement data encryption as listed below, lets say we have to apply encryption on 2 tables (1) TAB_A (2) TAB_B.
  (1) Need data encryption on the TAB_A & TAB_B for 2-3 columns and not the entire table.
  (2) Data should not be in readable format, if anyone connect to database and query the table.
  (3) We have reporting services on our tables but reporting services doesn't connect to our schema directly rather they connect to a different schema to which we have given the table Select grant.
  (4) Reports should work as it is, and users should see the data in readable format only.
  (5) There are batch processes which generates the data into these tables and we are not allowed to make any changes to these batch processes.
  This is a business need which has to be delivered. I explored various options such as VPDs, Data encryption methods etc but honestly none of these are serving our business need. There is also a limitation of encrypting data as data volume of quiet high (30TB DB) and generally users query the data on millions of records at a time. Also reports have very tight SLAs as well. If we create any encryption wrapper then decrypt will take longer in reports and will cause the SLA miss for reports.
  Could someone please suggest any better solution to me or if something is inbuilt in Oracle? We are using Oracle 11g.
  Regds,
  Amit.

  you can read about Transparent Data Encryption
  Check
  http://docs.oracle.com/cd/B28359_01/network.111/b28530/asotrans.htm

• Hey yall.. I lost everything from my mac from a data encrypted error and now it won't let me download Lightroom off of the disk again onto my new mac. What should I do?

  Hey yall.. I lost everything from my mac from a data encrypted error and now it won't let me download Lightroom off of the disk again onto my new mac. What should I do?

  Hi Brennacoyle,
  Can you please share the error message that you are getting while trying to download on the new MAC ?
  Cheers,
  Kartikay Sharma

• Are there any tools for data encryption and decryption ?

  Hi,
  i am using oracle 9i R2, i want encrypt my data. Are there any tools available in market.
  Please let me know the ways to do data encryption and decryption.
  Thanks in advance
  Prasuna.

  970489 wrote:
  using DBMS_OBFUSCATION_TOOLKIT.Encrypt /DESEncrypt we can't secure our password...So i am looking for an another alternative.As Blue Shadow said, what are you really trying to achieve?
  Encrypting a password is itself not secure. Anything that can be encrypted can be decrypted. That is why Oracle itself DOES NOT encrypt passwords.
  Surprised??
  Here's what Oracle does with passwords, and what others should be doing if they have to store them.
  When the password is created, the presented password - clear text - is concatenated with the username. The resulting character string is then passed through a one-way hashing function. It is that hashed value that is stored. Then when a user presents his credentials to log on to the system, the presented credentials are combined and hashed in the same manner as when the password was created, and the resulting hash value compared to the stored value.

• Data encryption in oracle 8i and 9i

  Hi,
  I would like to know how data encryption in Oracle 9i
  differes from that of Oracle 9i database.
  Thanks in advance
  Shinto

  What is your national character set? What is NLS_LENGTH_SEMANTICS set to?
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Data Encryption using DBMS_OBSFUCATION_PACKAGE

  Hello Friends,
  I want to encrypt EMPNAME column data in EMP table using
  DBMS_OBSFUCATION_PACKAGE. I am not getting much help for this
  package. can anybody suggest me some sites concerning
  information on package ?
  Thanx.
  Adi

  try this one.
  I am pasting the procedure.
  run catobtk.sql from sys
  DECLARE
  input_string VARCHAR2(16) := 'SRINIVAS';
  raw_input RAW(128) := sys.UTL_RAW.CAST_TO_RAW(input_string);
  #key_string VARCHAR2(16) := 'keepthesecretnum';
  key_string VARCHAR2(16) := 'abcdefghijklmnop';
  raw_key RAW(128) := sys.UTL_RAW.CAST_TO_RAW(key_string);
  encrypted_raw RAW(2048);
  encrypted_string VARCHAR2(2048);
  decrypted_raw RAW(2048);
  decrypted_string VARCHAR2(2048);
  error_in_input_buffer_length EXCEPTION;
  PRAGMA EXCEPTION_INIT(error_in_input_buffer_length, -28232);
  INPUT_BUFFER_LENGTH_ERR_MSG VARCHAR2(100) :=
  '*** DES INPUT BUFFER NOT A MULTIPLE OF 8 BYTES - IGNORING
  EXCEPTION ***';
  double_encrypt_not_permitted EXCEPTION;
  PRAGMA EXCEPTION_INIT(double_encrypt_not_permitted, -28233);
  DOUBLE_ENCRYPTION_ERR_MSG VARCHAR2(100) :=
  '*** CANNOT DOUBLE ENCRYPT DATA - IGNORING EXCEPTION ***';
  -- 1. Begin testing raw data encryption and decryption
  BEGIN
  dbms_output.put_line('> ========= BEGIN TEST RAW DATA
  =========');
  dbms_output.put_line('> Raw input : ' ||
  sys.UTL_RAW.CAST_TO_VARCHAR2(raw_input));
  BEGIN
  sys.dbms_obfuscation_toolkit.DESEncrypt(input => raw_input,
  key => raw_key, encrypted_data => encrypted_raw );
  sys.dbms_output.put_line('> encrypted hex value : ' ||
  rawtohex(encrypted_raw));
  sys.dbms_obfuscation_toolkit.DESDecrypt(input => encrypted_raw,
  key => raw_key, decrypted_data => decrypted_raw);
  dbms_output.put_line('> Decrypted raw output : ' ||
  sys.UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw));
  dbms_output.put_line('> ');
  if sys.UTL_RAW.CAST_TO_VARCHAR2(raw_input) =
  sys.UTL_RAW.CAST_TO_VARCHAR2(decrypted_raw) THEN
  dbms_output.put_line('> Raw DES Encyption and Decryption
  successful');
  END if;
  EXCEPTION
  WHEN error_in_input_buffer_length THEN
  dbms_output.put_line('> ' || INPUT_BUFFER_LENGTH_ERR_MSG);
  END;
  dbms_output.put_line('> ');
  END;