Network Encryption Definition
Oracle Database is provided with a network infrastructure called Oracle Net Services between the client and the server. Communication between the client and the server on the network is carried in plain text with Oracle Client.
Only the password field that Oracle uses to authenticate should not be added here. The password field is always encrypted over the network according to the O5Logon protocol.
When we use Oracle Net Service for communication between client and server, we have the ability to encrypt the information transmitted on the network.
Configuring for Network Encryption
The configuration for Network Encryption is defined in the “sqlnet.ora” file on the client and server side. Before configuring, Oracle Net installation must be done on both the server and client side.
Configuration can be done by replacing the file “sqlnet.ora” with the text editor or with the netmgr program.
Two separate parameters are used on the server side.
SQLNET.ENCRYPTION_SERVER = [accepted | rejected | requested | required ]
SQLNET.ENCYRPTION_TYPES_SERVER = (algorithm name)
The parameters used by the client side,
SQLNET.ENCRYPTION_CLIENT = [ accepted | rejected | requested | required ]
SQLNET.ENCYRPTION_TYPES_CLIENT = ( algorithm name )
Of these parameters, the SQLNET.ENCYRPTION_TYPES_CLIENT and SQLNET.ENCYRPTION_TYPES_SERVER parameters must be selected from the previously provided encryption algorithms.
With the installation of Oracle Net, all these encryption algorithms are installed. The SQLNET.ENCRYPTION_SERVER and SQLNET.ENCRYPTION_CLIENT parameters are parameters that determine whether to encrypt the client and the server.
This parameter can take the following values,
The default value is ACCEPTED.
REJECRED : This means that the client and server will never establish an encrypted connection.
ACCEPTED : It means that the client and the server can establish an encrypted connection if there is a request to establish an encrypted connection.
REQUESTED : It means that the client and the server want to establish an encrypted connection.
REQUIRED : It means that the client or server is necessarily trying to establish an encrypted connection. The client and server cannot establish a connection when a connection is requested withouth password.
The following is a list of how to connect to all combinations of parameters SQLNET.ENCRYPTION_CLIENT and SQLNET.ENCRYPTION_SERVER.
The parameters used on the client and server side to ensure data integrity are:
SQLNET.CRYPTO_CHECKSUM_SERVER = [ accepted | rejected | requested | required ]
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = ( algorithm name )
SQLNET.CRYPTO_CHECKSUM_CLIENT = [ accepted | rejected | requested | required ]
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = ( algorithm name )
Network Encryption Examples
In this example, let’s define the following parameters on the client side to the “sqlnet.ora” file. If you don’t know the location of “sqlnet.ora” file on your computer, you will need to search for.
TRACE_LEVEL_CLIENT=10 SQLNET.ENCRYPTIOEN_CLIENT = Requested SQLNET.ENCRYPTIOEN_TYPES_CLIENT = ( AES128 ) SQLNET.CRYPTO_CHECKSUM_CLIENT = Requested SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
The following parameter in sqlnet.ora creates log files to indicate that the connection to the server is encrypted.
The following parameters are set by the server in the “sqlnet.ora” file.
The data transfer will be encrypted because the SQLNET.ENCRYPTION_CLIENT parameter is REQUESTED on both the client side and the server side.
Let’s connect to the server with sqldeveloper from client.
After you close the connection, let’s search all .trc files on the client. The trace file created at the time of the connection will tell us whether the connection is encrypted.
Look for the word “encryption” in this file.
This result indicates that the data is encrypted over the network with the AES128 algorithm and data integrity is ensured by the SHA1 algorithm.
See you in the next article..