RMAN Encrypted Backups Practice (Oracle 11g)－DanBrother的部落格

RMAN Encrypted Backups Practice (Oracle 11g):

export ORACLE_SID=TESTDB

sqlplus / as sysdba
SQL> create smallfile tablespace test_tbs datafile size 10M autoextend on;
SQL> col tablespace_name format a20
SQL> col file_name format a50
SQL> select tablespace_name,file_name,bytes/1024/1024 as MB from dba_data_files where tablespace_name = 'TEST_TBS';

TABLESPACE_NAME FILE_NAME MB
-------------------- -------------------------------------------------- ----------
TEST_TBS +DATA/testdb/datafile/test_tbs.286.792094295 10

SQL> exit

# rman target / nocatalog

RMAN> SHOW ENCRYPTION ALGORITHM;
RMAN configuration parameters for database with db_unique_name TESTDB are:
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

RMAN> set encryption on identified by 'mypwd' only;
RMAN> backup tablespace test_tbs tag=encrypted;

Starting backup at 23-AUG-12
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=349 device type=DISK
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00009 name=+DATA/testdb/datafile/test_tbs.286.792068571
channel ORA_DISK_1: starting piece 1 at 23-AUG-12
channel ORA_DISK_1: finished piece 1 at 23-AUG-12
piece handle=+ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792068755 tag=ENCRYPTED comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 23-AUG-12

RMAN> backup current controlfile tag=encrypted;

RMAN> list backup of tablespace test_tbs tag=encrypted;

List of Backup Sets
===================

BS Key Type LV Size Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
915 Full 1.03M DISK 00:00:00 23-AUG-12
BP Key: 1507 Status: AVAILABLE Compressed: NO Tag: ENCRYPTED
Piece Name: +ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792094337
List of Datafiles in backup set 915
File LV Type Ckp SCN Ckp Time Name
---- -- ---- ---------- --------- ----
9 Full 82547742 23-AUG-12 +DATA/testdb/datafile/test_tbs.286.792094295

RMAN> restore tablespace test_tbs;

Starting restore at 23-AUG-12
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00009 to +DATA/testdb/datafile/test_tbs.286.792094295
channel ORA_DISK_1: reading from backup piece +ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792094337
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 08/23/2012 18:13:19
ORA-19870: error while restoring backup piece +ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792094337
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open

RMAN> set decryption identified by 'mypwd';

executing command: SET decryption

RMAN> sql 'alter tablespace test_tbs offline';

sql statement: alter tablespace test_tbs offline

RMAN> restore tablespace test_tbs;

Starting restore at 23-AUG-12
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00009 to +DATA/testdb/datafile/test_tbs.286.792094295
channel ORA_DISK_1: reading from backup piece +ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792094337
channel ORA_DISK_1: piece handle=+ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792094337 tag=ENCRYPTED
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 23-AUG-12

RMAN> delete backup of tablespace test_tbs tag=encrypted;

using channel ORA_DISK_1

List of Backup Pieces
BP Key BS Key Pc# Cp# Status Device Type Piece Name
------- ------- --- --- ----------- ----------- ----------
1507 915 1 1 AVAILABLE DISK +ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792094337

Do you really want to delete the above objects (enter YES or NO)? YES
deleted backup piece
backup piece handle=+ARCH/testdb/backupset/2012_08_23/nnndf0_encrypted_0.283.792094337 RECID=1507 STAMP=792094337
Deleted 1 objects

RMAN> crosscheck backup;

RMAN> delete backup of controlfile tag=encrypted;

using channel ORA_DISK_1

List of Backup Pieces
BP Key BS Key Pc# Cp# Status Device Type Piece Name
------- ------- --- --- ----------- ----------- ----------
1506 914 1 1 EXPIRED DISK +ARCH/testdb/backupset/2012_08_23/ncnnf0_encrypted_0.319.792068851

Do you really want to delete the above objects (enter YES or NO)? YES
deleted backup piece
backup piece handle=+ARCH/testdb/backupset/2012_08_23/ncnnf0_encrypted_0.319.792068851 RECID=1506 STAMP=792068850
Deleted 1 objects

RMAN> sql 'drop tablespace test_tbs';
sql statement: drop tablespace test_tbs