IMHO the docs are a little thin on this, but admittedly I haven't looked around a ton and I might be missing some good web tutorials. I've been completely immersed in 11gR2 TDE for the past months - so let me take a stab at a few of those issue you hit. First off, it seems that a lot changes in 12c. Just be warned... you'll probably have to re-learn everything on multitenant. 1) EM - I have no idea, I haven't bothered with EM yet at all. <g> 2) location: select WRL_PARAMETER from [G]V$ENCRYPTION_WALLET is definitive. 3) opening and closing wallets: very important to understand there are (at least) 3 kinds of wallets. the 'standard' p12 wallet on disk, the sso/auto-open wallet, and HSM (hardware) wallets. multiple wallets can be open simultaneously and oracle has a very unhelpful interface around the whole thing. 3a) standard p12: ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "PASSWORD" to open and ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "PASSWORD" to close 3b) sso/auto-open: query [G]V$ENCRYPTION_WALLET to open [accessing tables might do it too] and ALTER SYSTEM SET ENCRYPTION WALLET CLOSE to close. there's no way to check if wallets are open without triggering the sso wallet to auto-open itself. the only way to "verify" that it's closed is actually rename/move cwallet.sso and then "set encryption wallet close" and then query v$encryption_wallet. 4) orapki and mkstore utilities: i've only used three commands so far: "orapki wallet create" to setup the -auto_login_local wallet, and "mkstore -viewEntry" and "orapki wallet display" to view the contents. agree doc & help isn't great. I'm just brain dumping here, hoping something helps you out. Good luck with TDE and post any other questions to oracle-l; if I'm around then I'll try to answer stuff I can - since I've recently been digging into this feature! -Jeremy -- http://about.me/jeremy_schneider On Wed, Mar 11, 2015 at 1:48 PM, Charles Schultz <sacrophyte@xxxxxxxxx> wrote: > I feel like an idiot asking this of such a list of smart people, but I must. > > Where does one get started with Transparent Data Encryption? > > I am trying to teach myself, but I have run up against some quirky things > that hinder my progress. > > For example, Enterprise Manager seems very inconsistent; using 12c EMCC, I > never know when/if the "Transparent Data Encryption" menu option will appear > under "Security". When it does, it is not clear if the options I select have > any significance. For example, when I "close" the wallet, I get a message > saying the wallet was successfully closed, but nothing changes in the > database (I can still select uncached data from an encrypted tablespace) and > the wallet still shows as open in EM. > > Another example. I have tried to follow the documentation for an 11gR2 > database. Setting the encryption key via sqlplus seems to work fine, but > then I can not locate the wallet which should be in the "default location". > When I set a specific location in sqlnet.ora, I still do not see the wallet. > I often get messages about an auto-login wallet when trying to open or > close. And the documentation for the orapki interface leaves me confused. :) > > Obviously I am bumbling around. Is there a simpler way to get my feet wet? > > Or am I just not getting it? :) > > -- > Charles Schultz -- //www.freelists.org/webpage/oracle-l