加密
|
许可声明:可以免费试用加密功能,但若要在生产环境中使用,必须为该功能购买单独的许可证。在试用期后,必须为该功能获取许可证或将其停用。Oracle 保留随时审计许可合规性的权利。有关详细信息,请参阅 "Oracle Software License Agreement ("SLA") and Entitlement for Hardware Systems with Integrated Software Options"。
|
|
Oracle ZFS Storage Appliance 提供了项目级别以及单个共享资源(文件系统和 LUN)级别的透明数据加密。该设备包括一个内置的本地密钥库,并且还可连接到 Oracle Key Manager (OKM) 系统。每个加密的项目或共享资源都需要一个来自本地或 OKM 密钥库的包装密钥。数据加密密钥由存储设备管理,并使用本地或 OKM 密钥库提供的包装密钥永久加密存储。
下表介绍了可用于管理本地和 OKM 加密的 RESTful API 请求。
表 97 本地加密
|
|
|
|
GET
|
/encryption/local
|
获取本地密钥库属性
|
|
PUT
|
/encryption/local
|
修改本地密钥库属性
|
|
GET
|
/encryption/local/keys
|
获取本地密钥
|
|
GET
|
/encryption/local/keys/<key>
|
获取本地密钥详细信息
|
|
POST
|
/encryption/local/keys
|
创建本地密钥
|
|
DELETE
|
/encryption/local/keys/<key>
|
销毁本地密钥
|
|
GET
|
/encryption/local/keys/<key>/dependents
|
列出依赖于此密钥的共享资源
|
|
表 98 OKM 加密
|
|
|
|
GET
|
/encryption/okm
|
获取 OKM 密钥库属性
|
|
PUT
|
/encryption/okm
|
修改 OKM 密钥库属性
|
|
GET
|
/encryption/okm/keys
|
获取 OKM 密钥
|
|
GET
|
/encryption/okm/keys/<key>
|
获取 OKM 密钥详细信息
|
|
POST
|
/encryption/okm/keys
|
创建 OKM 密钥
|
|
DELETE
|
/encryption/okm/keys/<key>
|
销毁 OKM 密钥
|
|
GET
|
/encryption/okm/keys/<key>/dependents
|
列出依赖于此密钥的共享资源
|
|
列出所有本地密钥
输出:
{
"keys": [{
"cipher": "AES",
"keyname": "key-1",
"href": "/api/storage/v1/encryption/local/keys/key-000"
},{
"cipher": "AES",
"keyname": "key-2",
"href": "/api/storage/v1/encryption/local/keys/key-001"
},{
"cipher": "AES",
"keyname": "key-3",
"href": "/api/storage/v1/encryption/local/keys/key-002"
}]
}
列出一个本地密钥
输出:
{
"key": {
"href": "/api/storage/v1/encryption/local/keys/key-000",
"cipher": "AES",
"keyname": "key-1"
}
}
列出所有 OKM 密钥
输出:
{
"keys": [{
"cipher": "AES",
"keyname": "okm-key-1",
"href": "/api/storage/v1/encryption/local/keys/key-000"
},{
"cipher": "AES",
"keyname": "okm-key-2",
"href": "/api/storage/v1/encryption/local/keys/key-001"
},{
"cipher": "AES",
"keyname": "okm-key-3",
"href": "/api/storage/v1/encryption/local/keys/key-002"
}]
}