Practice: Setting the Default Tablespace Encryption Algorithm

Overview

This practice shows how you can set the TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM dynamic parameter to define the default encryption algorithm for tablespace creation operations.

Before starting any new practice, refer to the Practices Environment recommendations.

Step 1 : Set the default tablespace encryption algorithm

  • Connect to the CDB root and display the default tablespace encryption algorithm.

    
    $ sqlplus / AS SYSDBA
    Connected to:
    
    SQL> SHOW PARAMETER TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM
    
    NAME                                       TYPE   VALUE
    ------------------------------------------ ------ -----------------------
    tablespace_encryption_default_algorithm    string AES128
    SQL>
  • Change the tablespace encryption algorithm.

    
    SQL> ALTER SYSTEM SET TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM=AES192;
    
    System altered.
    
    SQL> EXIT
    $
  • Connect to the PDB and create a new tablespace in PDBTEST

    
    $ sqlplus sys@PDB21 AS SYSDBA
    Enter password:
    Connected.
    SQL> CREATE TABLESPACE tbstest DATAFILE SIZE 2M;
    
    Tablespace created.
    
    SQL>

Step 2 : Verify the tablespace encryption algorithm used

  • Verify the result of the operation.

    
    SQL> SELECT name, encryptionalg 
                  FROM v$tablespace t, v$encrypted_tablespaces v 
                  WHERE t.ts#=v.ts#;
    
    NAME                           ENCRYPT
    ------------------------------ -------
    USERS                          AES128
    TBSTEST                        AES192
    
    SQL> EXIT
    
    $