In Oracle version 10gR2 it has implemented new feature Transparent Data Encryption (TDE). To implement the feature whenever I try to create the encrypted wallet file using following command ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY ... it fails with ORA-28368.
sys@ORA11G> alter system set encryption key identified by foobar;
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY foobar
*
ERROR at line 1:
ORA-28368: cannot auto-create wallet
Specify the location of the wallet file (which is used to store the encryption master key) explicitly by adding the following entry in $ORACLE_HOME/network/admin/sqlnet.ora:
sys@ORA11G> $type D:\app\179818\product\11.2.0\dbhome_1\NETWORK\ADMIN\sqlnet.ora
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES = (TNSNAMES, EZCONNECT)
ENCRYPTION_WALLET_LOCATION=
(SOURCE=(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=D:\app\179818\admin\ora11g\wallet)
)
)
After you set it inside sqlnet.roa make sure the directory exists on the filesystem and is accessible by the oracle software owner.Check permission on the folder and issue your command again.
sys@ORA11G>
sys@ORA11G> alter system set encryption key identified by foobar ;
System altered.
Elapsed: 00:00:00.43
sys@ORA11G> $dir D:\app\179818\admin\ora11g\wallet
Volume in drive D is RAJESH
Volume Serial Number is E42D-12EA
Directory of D:\app\179818\admin\ora11g\wallet
06/27/2013 05:56 PM <DIR> .
06/27/2013 05:56 PM <DIR> ..
06/27/2013 05:56 PM 1,573 ewallet.p12
1 File(s) 1,573 bytes
2 Dir(s) 78,393,446,400 bytes free
sys@ORA11G>
