Home » Oracle » Oracle Database » How to change/validate TDE Keystore Password

How to change/validate TDE Keystore Password

In this post, we will be checking, How to change the TDE Keystore Password in Oracle, How to validate the TDE wallet password

How to change TDE Keystore Password in Oracle

Here are the steps to change TDE Keystore Password

Rename the auto-login wallet file cwallet.sso in the wallet location

$ mv cwallet.sso cwallet.sso_old

Close the TDE encryption wallet

sqlplus / as sysdba
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE CONTAINER=ALL;

Open the TDE encryption wallet using the old wallet password.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "<old password" CONTAINER=ALL;

Change password of TDE wallet

SQL> ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD IDENTIFIED BY "new password" WITH BACKUP;

Create a new autologin wallet file (cwallet.sso)

SQL> ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE '<wallet location' IDENTIFIED BY "new password";

How to validate TDE wallet password

We can validate the TDE password without using the open/close command in the Database using the below steps

1.  Copy the Keystore/wallet file to a new directory.  This means only the ewallet.p12 file; ignore the cwallet.sso if it exists.

2.  Using mkstore, try to display the contents of the copied file, by specifying the new directory from step 1.

Syntax:

mkstore -wrl <wallet_directory> -list

Above, specify the new directory for <wallet_directory>.

Without the cwallet.sso (auto-login) Keystore/wallet in the same directory, any attempt to access the Keystore will prompt for the password. 
If the entered password is correct, the command will display helpful information.

I hope you like this content on How to change/validate TDE Keystore Password in Oracle

Related Articles
TDE encryption in oracle 11g step by step: Check out this article for TDE encryption in oracle 11g step by step for both table encryption and tablespace encryption
TDE encryption in Oracle 12c step by step
How to open a wallet in Oracle 12c: Check out How to open a wallet in Oracle 12c, How To Import TDE Master Encryption Key, How To Export TDE Master Encryption Key
how to check if oracle database is encrypted: check out how to check if oracle database is encrypted, what tablespaces is encrypted, what table columns are encrypted
How To Restore TDE Wallet Files From Backup in Oracle Database

See also  how to check Database is consistent after incomplete recovery

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top