RMAN Backup Encryption

Oracle Database RMAN Backup Encryption



Purpose: To improve the Oracle backup security:


RMAN backups created as backup sets can be encrypted. Encrypted backups cannot be read if they are obtained by unauthorized people.

The minimum database version should be 10.2.0.

V$RMAN_ENCRYPTION_ALGORITHMS view contains a list of encryption algorithms supported by RMAN. If no encryption algorithm is specified, the default encryption algorithm is 128-bit AES.

RMAN Backup Encryption Modes:
1. Transparent Encryption of Backups
2. Password Encryption of Backups
3. Dual Mode Encryption of Backups

This concept of encryption/decryption also applies to Oracle RMAN (recovery manager) backup and recovery. The information needs to be encrypted using AES which encrypts data in 128,192,256 bits. It is necessary to set the encryption algorithm and supply password during recovery


RMAN> set encryption algorithm 'aes256' identified by password;
executing command: SET encryption
using target database control file instead of recovery catalog

RMAN> backup as compressed backupset database format \backup\oracle_backup_encryption.bkp';
Starting backup at 16-AUG-10
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
.....
RMAN> set decryption identified by password;