Open your sqlnet.ora file located in the $ORACLE_HOME\network\admin directory in an editor.

You need to update your sqlnet.ora file to include an entry for ENCRYPTED_WALLET_LOCATION. Add the following command:

ENCRYPTION_WALLET_LOCATION= 
(SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=<oracle_home>)))

where <oracle_home> is the directory location of your oracle home (for example, /u01/app/oracle/product/11.1.0/db_1)

Save your changes and close the file.

Note: Any directory can be picked for the encrypted wallet, but the path should not point to the standard obfuscated wallet (cwallet.sso) created during DB installation.

Next, you need to open the wallet and create the master encryption key. Open a SQL*Plus session and execute the following commands:

connect / as sysdba
alter system set key identified by "welcome1";  

The above alter command does the following:

	If no encrypted wallet is present in the directory specified, the encrypted wallet is created (ewallet.p12), the wallet is opened, and the master key for TDE is created/recreated.
	If the encrypted wallet is present in the directory specified, the walled is opened, and the master key for TDE is created/recreated.

Note: only users with the 'alter system' privilege can create a master key or open the wallet.

The master key should only be created once, unless you want to re-encrypt your data with a new encryption key !!!

For later sessions, you do not want to use the command given above; you need the wallet to be open (it has been closed when you shut down your database), but you don't want to create a new master key. Then the command is:

alter system set wallet open identified by "welcome1"; 

The master encryption key is necessary because each table has its own encryption key. These column keys are stored in the database. Since the wallet can only store a limited number of keys and is not very scalable, the column keys are encrypted with the master key. This way, you can have as many column keys as needed, with only a small number of master keys stored in the wallet (including retired keys, that you may need one day to decrypt data from an old backup-tape). By default, the command above generates a key using the Advanced Encryption Standard with 192 bits (AES192). 3DES could also be used, or a smaller or bigger number of bits for the AES encryption.

To verify that Transparent Data Encryption is enabled from within Enterprise Manager Database Control, open your browser and enter the following URL.

https://<hostname>:1158/em

Login as the system user.

Select the Server tab.

Under Security, click Transparent Data Encryption.

The wallet is open and Transparent Data Encryption is enabled.

Under Related Links, click Tables.

Enter OE in the Schema field and click Go.

Select the radio button in front of CUSTOMERS and click Edit.

You can specify a different encryption algorithm and the key seed to be used for all encrypted columns in this table. Click Encryption Options.

Review the options and click Continue.

Select the checkbox in the Encryption column for CREDIT_LIMIT and click Apply.

A job was submitted to encrypt the column. Click the link to the job.

The job succeeded. Click the Database breadcrumb.

From the Server tab in Enterprise Manager Database Control, under Storage, select Tablespaces.

Click Create.

Enter OBE for the name of the tablespace and click Add under Datafiles.

Enter OBE for the File Name and click Continue.

Tablespace encryption protects all the objects in a tablespace by storing data in encrypted format on disk. An Oracle wallet must exist and needs to be in open state. Click Encryption Options.

Review the options and click Continue.

Select the Encryption checkbox and click OK.

Your tablespace was created successfully. Select the OBE link from the list of Tablespaces.

Notice that the Encryption option is set to Yes. Click the Database breadcrumb.

Open SQLDeveloper. in Linux, open a terminal window and execute the following commands:

cd $ORACLE_HOME/sqldeveloper/sqldeveloper/bin
./sqldeveloper

If you receive a message asking you if you want to migrate your previous connections, click No.

Create a Connection. Right-click Connections and select New Connection.

Enter OE for the Connection Name, Username and Password. Enter orcl for the SID and click Test.

Your test was successful. Click Connect.

You first want to create a copy of the CUSTOMERS table. From the SQL Worksheet, enter the following command and click Execute.

CREATE TABLE customers_obe AS SELECT * FROM customers 

Now you can move the table into the OBE tablespace (that is encrypted). Expand Tables and right-click CUSTOMERS_OBE and select Storage then Move Tablespace.

Select the OBE tablespace from the list and click Apply.

The table was moved to the OBE tablespace successfully. Click OK.

Now you can create an index on the DATE_OF_BIRTH column. Enter the following command in the SQL Worksheet area and click Execute.

CREATE INDEX customers_obe_idx ON customers_obe(date_of_birth) 

You can now select some data from the DATE_OF_BIRTH column. Enter the following command in the SQL Worksheet area and click Execute.

SELECT cust_last_name, date_of_birth FROM customers_obe
WHERE date_of_birth > '04-FEB-59'
AND date_of_birth < '06-FEB-59'

The data is selected. So what explain plan did it use. Click the Explain Plan icon.

Notice that it used the index and did an index(range scan) to retrieve the data rather than a full table scan.

From the Server tab in Enterprise Manager Database Control, under Security, select Transparent Data Encryption. .

Click the + in front of Advanced Options.

Under Regenerate Master Database Key, click Regenerate. Enter welcome1 for the Encryption Wallet Password and click OK.

Your Master Database Key was regenerated.

Click the Close Wallet checkbox and click OK.

The wallet was closed. To verify that Transparent Data Encryption is disabled, you will select data from the encrypted column you created earlier. Click the Database breadcrumb.

Scroll to the bottom of the page, under Related Links, click SQL Worksheet.

Enter the following command in the SQL Command area and click Execute.

Since the column is encrypted, the wallet needs to be open for the data to be queried. Leave this window open and switch back to Enterprise Manager.

From the Server tab in Enterprise Manager Database Control, under Security, select Transparent Data Encryption. .

Under Enable Transparent Data Encryption, enter your password in the Encryption Wallet Password field and click OK.

You wallet is now open.

Switch back to SQL Worksheet and reexecute the query. Notice this time, the column data appears.