Oracle9i Network, Directory, and Security Guide
Release 1 (9.0.1) for Windows

Part Number A90165-01

5 Storing Oracle Wallets in the Windows Registry

This chapter describes the storing and retrieving of Oracle Wallets in the Windows registry.


Storing Private Keys and Trustpoints

Oracle Wallets store the private keys and trustpoints, and hold the digital certificates used in public key applications for authentication and encryption. The Oracle Wallet Manager tool creates and manages Oracle Wallets. Oracle Enterprise Login Assistant is used to create an obfuscated wallet. Oracle Public Key applications use obfuscated Oracle Wallets for authentication and encryption. Using Oracle Enterprise Login Assistant, the user can log on once for each session and, until the user logs out, all applications use the same obfuscated wallet to authenticate. On Windows 95, Windows 98, Windows NT, and Windows 2000, the encrypted and obfuscated Oracle Wallets can be stored in the file system or in the user profile area in the Windows registry. Oracle Wallet Manager, Oracle Enterprise Login Assistant, and their related functionality are features of Oracle Advanced Security, a separately licensable option to the Oracle9i database.

Storing the User's Profile

In a Windows 2000 or Windows NT 4.0 domain, a user's profile is stored on the local machine. When the local user logs on, the user's profile on the local machine is uploaded into the user profile in the registry. When the user logs out, their profile stored on the local file system is updated, ensuring that the domain user or local user always has the most recent version of their user profile area.

Storing Oracle Wallets in the Windows Registry

On Windows operating systems, Oracle Wallets are located in the user profile area \\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS in the registry. The wallets are stored in the same format as those in the file system. All functionality is the same except for the location of the wallets.

The WALLET_LOCATION parameter in the sqlnet.ora file specifies whether Oracle Wallets are stored in the file system or in the registry. It also specifies the location of the encrypted or obfuscated Oracle Wallet.

For example, the WALLET_LOCATION parameter for storing an Oracle Wallet in the registry in \\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP is:

WALLET_LOCATION =
  (SOURCE=
    (METHOD=REG)
    (METHOD_DATA=
      (KEY=SALESAPP)))

The encrypted or obfuscated Oracle Wallet is stored in the registry under \\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12 or \\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO, respectively.

Oracle Wallet Manager

The Oracle Wallet Manager tool creates and manages Oracle Wallets. To use the Windows registry for Oracle Wallets, the Use Windows System registry check box needs to be selected. If Windows System Registry is selected, when the tool opens a wallet or saves a new wallet, it shows a list of existing keys under:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS

The user can select one of the existing locations, or enter the name for a new location (registry key). For example, if the new key is key1, then the tool creates a registry key:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1

and the encrypted wallet is stored at the registry value:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1\EWALLET.P12

and the obfuscated wallet is stored at the registry value:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1\CWALLET.SSO

If the user does not select the Use Windows System registry check box, then the tool displays all the available drives and directories on the local computer. The user can select one of the existing directories or can enter a new directory. The tool stores the encrypted or obfuscated wallet in the selected directory, or creates the directory if it does not exist.

Oracle Enterprise Login Assistant

When the Oracle Enterprise Login Assistant is launched, the tool looks for the encrypted or obfuscated Oracle Wallet and stores the obfuscated wallet in the default file system location: %USERPROFILE%\ORACLE\WALLETS. If an obfuscated wallet is found, the tool returns a message stating that autologin has been enabled. Otherwise, the tool displays a message stating that autologin has not been enabled. If Login from the Oracle Enterprise Login Assistant is selected, the tool looks for the encrypted wallet in the default file system location, prompts the user for the wallet password, and creates an obfuscated wallet in the default location. Oracle Enterprise Login Assistant then displays a message that autologin has been enabled. Otherwise, if Login from the tool is selected and no encrypted wallet is found in the default location, the tool displays a message stating that no wallet is found in the default location. If Logout from the tool is selected, the obfuscated wallet is removed from the default location. If the user exits the tool, without selecting Logout, then the obfuscated wallet is left in the default location.

In Oracle9i for Windows, when the Oracle Enterprise Login Assistant is launched, the tool looks for the obfuscated wallet in the registry location:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\DEFAULT

If an obfuscated wallet is found and Logout is selected, the tool removes this obfuscated wallet from the registry. If no obfuscated wallet is found in the registry, the tool looks in the file system location %USERPROFILE%\ORACLE\WALLETS for an obfuscated wallet. If an obfuscated wallet is found and Logout is selected, the tool removes this obfuscated wallet from the file system. If an obfuscated wallet is not found in the registry or the file system default locations, then the tool displays a message stating that autologin is not enabled.

If Login from the Oracle Enterprise Login Assistant is selected, the tool looks for the encrypted wallet in the registry location:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\DEFAULT

If an encrypted wallet is found in this location, the user is prompted for the wallet password and the tool creates the obfuscated wallet in the same registry location. At the next Logout in the same session of the tool, the obfuscated wallet is removed from the registry. If Login is selected from the Oracle Enterprise Login Assistant and no encrypted wallet is found in the registry, the tool then looks for the encrypted wallet in the local computer's file system under %USERPROFILE%\ORACLE\WALLETS. If an encrypted wallet is found in this location, the user is prompted for the wallet password and an obfuscated wallet is created in the same default file system location. At the next Logout in the same session of the tool, the obfuscated wallet is removed from the file system. If Login is selected and no encrypted wallet is found in the default location (in the registry or file system) then the tool displays a message stating that no Oracle Wallet was found in the default location.

Wallet Resource Locator

The parameter WALLET_LOCATION in the sqlnet.ora file is extended to support Oracle Wallets in the registry. WALLET_LOCATION specifies the location of the obfuscated Oracle Wallet for use by Oracle PKI applications.

On Windows operating systems, if there is no value specified for the WALLET_LOCATION parameter in the sqlnet.ora file, Oracle PKI applications first look for the obfuscated wallet in the registry key:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\DEFAULT

If it is not found, Oracle PKI applications look for the obfuscated wallet in the computer's local file system under %USERPROFILE%\ORACLE\WALLETS.

If no obfuscated Oracle Wallet is found in the registry or file system default locations, then a No Oracle Wallet exists error is displayed.
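A read-only check, run as the logged-on user, that lists which of the registry and file system locations described in this chapter currently hold an encrypted or an obfuscated (autologin) wallet, for example one left in place because the tool was exited without Logout. This is an added example, not Oracle's code: the helper name Get-WalletFinding and the output column names are made up here, and the on-disk file names are assumed to match the registry value names EWALLET.P12 and CWALLET.SSO.

```powershell
# Added example: read-only inventory of the current user's Oracle Wallets in
# the registry and file system locations this chapter names.
$regRoot = 'HKCU:\SOFTWARE\ORACLE\WALLETS'
$fileDir = Join-Path $env:USERPROFILE 'ORACLE\WALLETS'   # default file location

function Get-WalletFinding {            # hypothetical helper name
    param([string]$Store, [string]$Location, [string[]]$Names)
    # -contains is case-insensitive, matching registry value and NTFS names.
    $hasEncrypted  = $Names -contains 'EWALLET.P12'
    $hasObfuscated = $Names -contains 'CWALLET.SSO'
    if (-not ($hasEncrypted -or $hasObfuscated)) { return }
    [pscustomobject]@{
        Store     = $Store
        Location  = $Location
        Encrypted = $hasEncrypted     # password-protected wallet present
        AutoLogin = $hasObfuscated    # obfuscated wallet present
    }
}

$findings = @(
    if (Test-Path -Path $regRoot) {
        # One subkey per wallet location, e.g. ...\WALLETS\DEFAULT
        Get-ChildItem -Path $regRoot | ForEach-Object {
            Get-WalletFinding -Store 'Registry' -Location $_.Name `
                -Names ($_.GetValueNames())
        }
    }
    if (Test-Path -Path $fileDir) {
        # Assumption: on-disk file names match the registry value names.
        $files = @(Get-ChildItem -Path $fileDir -File | ForEach-Object { $_.Name })
        Get-WalletFinding -Store 'File' -Location $fileDir -Names $files
    }
)

$findings | Format-Table -AutoSize

# An obfuscated wallet means autologin is enabled for that location. The tool
# removes it on Logout, so one that persists between sessions deserves review.
foreach ($f in $findings | Where-Object { $_.AutoLogin }) {
    Write-Warning "Autologin wallet present: [$($f.Store)] $($f.Location)"
}
```

Because the wallets live under HKEY_CURRENT_USER, the script sees only the profile of the account it runs as.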


Copyright © 1996-2001, Oracle Corporation.

All Rights Reserved.