You can
encrypt backups in one of three ways:
•
Transparent
encryption: This
method uses a wallet, and it is the default mode.
•
Password
encryption: This
method of encryption relies on a password. There is no need to configure a
wallet. You must know the password that was used for the backup in order to
restore.
•
Dual
mode encryption:
Both transparent and password encryption are used. In order to restore, either
the transparent mode or the password mode can be used. This type of encryption
is useful if you usually restore your backups to the local site, but sometimes
ship the backups to other sites.
Modify the
encryption setting using SET ENCRYPTION. Here is an example of password
encryption:
RMAN> SET ENCRYPTION
IDENTIFIED BY mypassword;
RMAN> BACKUP DATAFILE
5;
...
RMAN> SET DECRYPTION
IDENTIFIED BY mypassword;
RMAN can
transparently encrypt data written to backup sets and decrypt those backup sets
when they are needed in a RESTORE operation. To create encrypted backups on
disk, the database must use the Advanced Security Option. To create encrypted
backups directly on tape, RMAN must use the Oracle Secure Backup SBT interface,
but does not require the Advanced Security Option.
Note: Encryption by Oracle Secure Backup
(OSB) can be configured such that, no matter what the client requests regarding
encryption, all backups are encrypted by OSB.
