Skip Headers
Oracle® Database Platform Guide
10g Release 2 (10.2) for Microsoft Windows Itanium (64-Bit)

Part Number B14305-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

10 Storing Oracle Wallets in the Windows Registry

This chapter describes storing and retrieving of Oracle Wallets in the Windows registry.

Storing Private Keys and Trust Points

Oracle Wallets store private keys, trust points, and digital certificates used in public key applications for authentication and encryption. Oracle Wallet Manager creates and manages Oracle Wallets. Oracle public key applications use obfuscated Oracle Wallets for authentication and encryption.

Note:

Oracle Wallet Manager is a feature of Oracle Advanced Security, a separately licensable option to Oracle Database.

Storing User's Profile

In a Windows Server 2003 domain, a user's profile is stored on the local computer. When a local user logs on to that computer, that user's profile on the local computer is uploaded into the user profile in that computer's registry. When a user logs out, that user's profile stored on the local file system is updated, ensuring that the domain user or local user always has the most recent user profile version.

Registry Parameters for Wallet Storage

Parameter WALLET_LOCATION in file sqlnet.ora specifies the location of the obfuscated Oracle Wallet for use by Oracle PKI applications. For example, the WALLET_LOCATION parameter for storing an Oracle Wallet in the registry in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP

would be:

WALLET_LOCATION =  (SOURCE= (METHOD=REG) (METHOD_DATA= (KEY=SALESAPP)))

Continuing the example, the encrypted Oracle Wallet would be stored in the registry in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12 

and the obfuscated Oracle Wallet would be stored in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO

On Windows operating systems, if there is no value specified for parameter WALLET_LOCATION, then Oracle PKI applications first look for the obfuscated wallet in registry key:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\DEFAULT

If no obfuscated wallet is found there, Oracle PKI applications look for it in the file system of the local computer at location:

%USERPROFILE%\ORACLE\WALLETS

Regardless of location, wallets are always stored in the same format. All functionality is the same except for the location of the wallets.

Oracle Wallet Manager

Oracle Wallet Manager creates and manages Oracle Wallets. If you want to use the Windows registry for Oracle Wallets, then you must select the Use Windows System Registry check box. If Windows System Registry is selected, then the tool shows a list of existing keys when it opens a wallet or saves a new wallet. The list appears in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS

You can select one of the existing locations or enter the name for a new location (registry key). If you enter a new key called key1, for example, then the tool creates the following registry key:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1

The encrypted wallet will be stored in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1\EWALLET.P12

The obfuscated wallet will be stored in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1\CWALLET.SSO

If you do not select the Use Windows System Registry check box, then the tool displays all the available drives and directories on the local computer. You can select one of the existing directories or enter a new directory. The tool stores the encrypted or obfuscated wallet in the selected directory or creates the directory if it does not exist.

Sharing Wallets and sqlnet.ora Files Among Multiple Databases

Multiple nonreplicated databases cannot share wallets. If sqlnet.ora files contain wallet location information, then databases also cannot share sqlnet.ora files.

The only exception to this rule is password-authenticated or Kerberos-authenticated enterprise user security with default database-to-directory connection configuration that uses passwords. This configuration keeps database wallets in the default location, where Database Configuration Assistant creates them. In this situation, no wallet location information is stored in the sqlnet.ora file, and the wallet can be shared among multiple databases.

Note:

If SSL is used for enterprise user authentication, then the wallet location must be specified in the sqlnet.ora file. So sqlnet.ora files cannot be shared by multiple databases for SSL-authenticated enterprise users.