Friday, March 14, 2014

RMAN Backup and Password Encryption

Password encryption is ideal for customers who are not already encrypting data in the database and simply want their database backup encrypted. It is important to use a complex password made up of characters and numbers to prevent a thief from easily breaking the encryption and reading the clear text data.


Password mode does not need a wallet manager, but you must specify a password for both encryption and decryption.


NOTE: If you lose the password, you cannot decrypt and restore your backup.


Configure the encryption algorithm to use (optional):
The V$RMAN_ENCRYPTION_ALGORITHMS view contains a list of encryption algorithms supported by RMAN. If no encryption algorithm is specified, the default encryption algorithm is 128-bit AES.
SQL>  show parameter compatible


NAME                                 TYPE                             VALUE
------------------------------------ -------------------------------- --------
compatible                           string                           11.2.0.3


SQL>  select ALGORITHM_NAME  from V$RMAN_ENCRYPTION_ALGORITHMS;


ALGORITHM_NAME
-----------------------------------------
AES128  # default
AES192
AES256


# RMAN Syntax
RMAN> CONFIGURE ENCRYPTION ALGORITHM 'AES256';


new RMAN configuration parameters:
CONFIGURE ENCRYPTION ALGORITHM 'AES256';
new RMAN configuration parameters are successfully stored



Take a Full Encrypted (AES256) RMAN Backup Using a Password:
$ rman target /


Recovery Manager: Release 11.2.0.3.0 - Production on Fri Mar 14 12:47:41 2014


Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.


connected to target database: TESTDB (DBID=2625431591)
# Configure encryption algorithm
RMAN> CONFIGURE ENCRYPTION ALGORITHM 'AES256';


using target database control file instead of recovery catalog
new RMAN configuration parameters:
CONFIGURE ENCRYPTION ALGORITHM 'AES256';
new RMAN configuration parameters are successfully stored


# Set the encryption password before making a backup
RMAN> set encryption on identified by password only;


executing command: SET encryption


# Backup database
RMAN> backup database;


Starting backup at 14-MAR-14
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=71 device type=DISK
allocated channel: ORA_DISK_2
channel ORA_DISK_2: SID=134 device type=DISK
allocated channel: ORA_DISK_3
channel ORA_DISK_3: SID=200 device type=DISK
allocated channel: ORA_DISK_4
channel ORA_DISK_4: SID=13 device type=DISK
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
…...
…...
…...


Restore the Database from an Encrypted (AES256) RMAN Backup Using a Password:
RMAN> shutdown immediate


database closed
database dismounted
Oracle instance shut down


RMAN> startup mount


connected to target database (not started)
Oracle instance started
database mounted


Total System Global Area     521936896 bytes


Fixed Size                     2229944 bytes
Variable Size                171968840 bytes
Database Buffers         339738624 bytes
Redo Buffers               7999488 bytes



RMAN>  list backup summary;


List of Backups
===============
Key     TY LV S Device Type Completion Time #Pieces #Copies Compressed Tag
------- -- -- - ----------- --------------- ------- ------- ---------- ---
20      B  F  A DISK        14-MAR-14       1       1       NO         TAG20140314T125259
21      B  F  A DISK        14-MAR-14       1       1       NO         TAG20140314T125259
22      B  F  A DISK        14-MAR-14       1       1       NO         TAG20140314T125259
23      B  F  A DISK        14-MAR-14       1       1       NO         TAG20140314T125259
24      B  F  A DISK        14-MAR-14       1       1       NO         TAG20140314T125259
25      B  F  A DISK        14-MAR-14       1       1       NO         TAG20140314T125259



# Without the decryption password set, the restore fails with ORA-19913 and ORA-28365
RMAN> restore database;
…...
…...
……
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open


# Specify the encryption password
# Note: Passwords enclosed in single quotes (') are case-sensitive
RMAN>  SET DECRYPTION IDENTIFIED BY password;


executing command: SET decryption


# Restore database
RMAN> restore database;


Starting restore at 14-MAR-14
using channel ORA_DISK_1
using channel ORA_DISK_2
using channel ORA_DISK_3
using channel ORA_DISK_4


channel ORA_DISK_4: restore complete, elapsed time: 00:00:15
Finished restore at 14-MAR-14
…...
…...
……


# Recover database
RMAN> recover database;


Starting recover at 14-MAR-14
using channel ORA_DISK_1
using channel ORA_DISK_2
using channel ORA_DISK_3
using channel ORA_DISK_4


starting media recovery
media recovery complete, elapsed time: 00:00:00


Finished recover at 14-MAR-14


RMAN> alter database open;


database opened


The restore completed successfully!
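
The backup and restore commands shown above, wrapped in a shell function that reads the password from an owner-only file and pipes the generated commands to RMAN. This is an added example, not code from the original post; the function names, the password-file path and the 12-character minimum are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): print the RMAN commands used
# above, taking the password from a file instead of typing it at the prompt.
# The function names, password-file path and 12-character floor are assumptions.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# rman_encrypted_script MODE PWFILE   (MODE is "backup" or "restore")
rman_encrypted_script() {
  local mode="$1" pwfile="$2" perms pw
  [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 1; }
  perms=$(file_mode "$pwfile") || return 1
  case "$perms" in
    600|400) ;;  # readable by the owner only
    *) echo "$pwfile is mode $perms, expected 600 or 400" >&2; return 1 ;;
  esac
  # First line of the file is the password; tolerate a missing final newline.
  IFS= read -r pw < "$pwfile" || [ -n "$pw" ] || return 1
  # Letters and digits only, as the post advises. This also means the value
  # cannot close the quoted literal or append a second RMAN command.
  case "$pw" in
    *[!A-Za-z0-9]*) echo "password must be letters and digits" >&2; return 1 ;;
  esac
  case "$pw" in *[A-Za-z]*) ;; *) echo "password needs a letter" >&2; return 1 ;; esac
  case "$pw" in *[0-9]*) ;; *) echo "password needs a digit" >&2; return 1 ;; esac
  [ "${#pw}" -ge 12 ] || { echo "password shorter than 12" >&2; return 1; }
  case "$mode" in
    backup)
      printf "CONFIGURE ENCRYPTION ALGORITHM 'AES256';\n"
      printf "SET ENCRYPTION ON IDENTIFIED BY '%s' ONLY;\n" "$pw"
      printf "BACKUP DATABASE;\n" ;;
    restore)
      printf "SET DECRYPTION IDENTIFIED BY '%s';\n" "$pw"
      printf "RESTORE DATABASE;\nRECOVER DATABASE;\n" ;;
    *) echo "mode must be backup or restore" >&2; return 1 ;;
  esac
}

# Typical use on the database host (path is a placeholder):
#   rman_encrypted_script backup /path/to/rman_pw | rman target /
```

Because printf is a shell builtin, the password reaches RMAN over the pipe and does not show up in the process list. The restore mode expects the database to be mounted first, as in the session above.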


For more information see:


I hope this helps.


Please feel free to leave your questions or suggest improvements to this section.


