Oracle9i Security and Network Integration Guide
Release 2 (9.2) for Windows

Part Number A95492-01

4 Storing Oracle Wallets in the Windows Registry

This chapter describes how Oracle Wallets are stored in and retrieved from the Windows registry.

This chapter contains these topics:

Storing Private Keys and Trust Points

Oracle Wallets store private keys, trust points, and digital certificates used in public key applications for authentication and encryption. Oracle Wallet Manager creates and manages Oracle Wallets. Oracle Enterprise Login Assistant is used to create an obfuscated wallet. Oracle Public Key applications use obfuscated Oracle Wallets for authentication and encryption. You can log on once for each session with Oracle Enterprise Login Assistant, and all applications will use the same obfuscated wallet to authenticate until you log out. Encrypted and obfuscated Oracle Wallets can be stored in the file system or the user profile area in the Windows registry.


Note:

Oracle Wallet Manager, Oracle Enterprise Login Assistant and their related functionality are features of Oracle Advanced Security, a separately licensable option to Oracle9i database.


Storing User's Profile

In a Windows 2000 or Windows NT 4.0 domain, a user's profile is stored on the local computer. When a local user logs on to that computer, that user's profile on the local computer is uploaded into the user profile in that computer's registry. When a user logs out, that user's profile stored on the local file system is updated, ensuring that the domain user or local user always has the most recent user profile version.

Registry Parameters for Wallet Storage

Parameter WALLET_LOCATION in file sqlnet.ora specifies whether Oracle Wallets are stored in the file system or in the user profile area in the registry:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS 

It also specifies the location of the encrypted or obfuscated Oracle Wallet. The wallets are stored in the same format as those in the file system. All functionality is the same except for the location of the wallets.

For example, the WALLET_LOCATION parameter for storing an Oracle Wallet in the registry in:

 \\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP

would be:

WALLET_LOCATION = (SOURCE=(METHOD=REG)(METHOD_DATA=(KEY=SALESAPP)))

Continuing the example, the encrypted Oracle Wallet would be stored in the registry in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12

and the obfuscated Oracle Wallet would be stored in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO

Oracle Wallet Manager

Oracle Wallet Manager creates and manages Oracle Wallets. If you want to use the Windows registry for Oracle Wallets, then you must select the Use Windows System Registry check box. If Windows System Registry is selected, the tool shows a list of existing keys when it opens a wallet or saves a new wallet. The list appears in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS

You can select one of the existing locations or enter the name for a new location (registry key). If you enter a new key called key1, for example, then the tool creates the following registry key:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1

The encrypted wallet will be stored in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1\EWALLET.P12

The obfuscated wallet will be stored in:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\KEY1\CWALLET.SSO

If you do not select the Use Windows System Registry check box, then the tool displays all the available drives and directories on the local computer. You can select one of the existing directories or enter a new directory. The tool stores the encrypted or obfuscated wallet in the selected directory or creates the directory if it does not exist.

Oracle Enterprise Login Assistant

When you start Oracle Enterprise Login Assistant, the tool first looks for an obfuscated wallet at the registry location:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\DEFAULT

If the tool finds no obfuscated wallet in the registry, it looks for an obfuscated wallet at the file system location:

%USERPROFILE%\ORACLE\WALLETS

If Oracle Enterprise Login Assistant finds an obfuscated wallet at either location, then it returns a message stating that autologin has been enabled. If you select Logout at this point, then the tool removes the obfuscated wallet from wherever it found it (that is, either the registry or file system default locations). If you exit the tool without selecting Logout, then the obfuscated wallet is left where it was found.

If Oracle Enterprise Login Assistant does not find an obfuscated wallet at the default registry or file system locations, then the tool displays a message stating that autologin is not enabled.

If autologin is not enabled and you select Login, then Oracle Enterprise Login Assistant looks for an encrypted wallet at the registry location:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\DEFAULT

If the tool finds no encrypted wallet in the registry, then it looks for an encrypted wallet in the local computer at the file system location:

%USERPROFILE%\ORACLE\WALLETS

If the tool finds an encrypted wallet at either location, then you are prompted for the wallet password. If you enter the correct password, then the tool creates an obfuscated wallet in the registry or the file system, depending on where it found the encrypted wallet. At the next Logout in the same session of the tool, it removes the obfuscated wallet from the registry or file system. If you exit Oracle Enterprise Login Assistant without selecting Logout, then the tool does not remove the obfuscated wallet.

If you select Login and Oracle Enterprise Login Assistant finds no encrypted wallet in the default registry or file system locations, then the tool displays a message stating that no Oracle Wallet was found in the default locations.

Wallet Resource Locator

Parameter WALLET_LOCATION in file sqlnet.ora is extended to support Oracle Wallets in the registry. WALLET_LOCATION specifies the location of the obfuscated Oracle Wallet for use by Oracle PKI applications.

On Windows operating systems, if there is no value specified for parameter WALLET_LOCATION in file sqlnet.ora, Oracle PKI applications first look for the obfuscated wallet in registry key:

\\HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\DEFAULT

If no obfuscated wallet is found there, Oracle PKI applications look for it in the file system of the local computer at location:

%USERPROFILE%\ORACLE\WALLETS

If no obfuscated Oracle Wallet is found in the registry or file system default locations, then a No Oracle Wallet exists error is displayed.
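
As an added illustration (not Oracle's code), the following Python resolves where wallet material will be looked up for a given sqlnet.ora, following the WALLET_LOCATION rules and the default search order described in this chapter, so that an administrator knows which registry entries or files hold key material and need to be inspected and protected. The function names are hypothetical, and the METHOD=FILE / DIRECTORY form is standard sqlnet.ora syntax that this page does not show.

```python
import re

# Registry root, default locations and wallet names are taken from the chapter text.
REG_ROOT = r"HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS"
FILE_DEFAULT = r"%USERPROFILE%\ORACLE\WALLETS"
WALLET_NAMES = ("EWALLET.P12", "CWALLET.SSO")  # encrypted, obfuscated

def _parse_pair(tokens, pos):
    """Parse one '(NAME=value)' group; value is a string or a dict of nested groups."""
    def expect(tok):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] != tok:
            raise ValueError(f"malformed WALLET_LOCATION: expected {tok!r} at token {pos}")
        pos += 1
    expect("(")
    name = tokens[pos].upper(); pos += 1
    expect("=")
    if tokens[pos] == "(":
        value = {}
        while pos < len(tokens) and tokens[pos] == "(":
            (key, sub), pos = _parse_pair(tokens, pos)
            value[key] = sub
    else:
        value = tokens[pos].strip('"'); pos += 1
    expect(")")
    return (name, value), pos

def wallet_search_order(sqlnet_text):
    """Return the ordered list of (store, location) pairs that will be searched."""
    body = "\n".join(l for l in sqlnet_text.splitlines() if not l.lstrip().startswith("#"))
    m = re.search(r"^\s*WALLET_LOCATION\s*=", body, re.I | re.M)
    if not m:  # unset: registry DEFAULT key first, then the profile directory
        return [("registry", REG_ROOT + r"\DEFAULT"), ("file", FILE_DEFAULT)]
    tokens = re.findall(r'[()=]|"[^"]*"|[^()=\s"]+', body[m.end():])
    try:
        (name, source), _ = _parse_pair(tokens, 0)
        method, data = source["METHOD"].upper(), source["METHOD_DATA"]
        if name == "SOURCE" and method == "REG":
            # Registry key names are case-insensitive; the chapter shows them upper-cased.
            return [("registry", REG_ROOT + "\\" + data["KEY"].upper())]
        if name == "SOURCE" and method == "FILE":  # FILE/DIRECTORY: assumed file-system form
            return [("file", data["DIRECTORY"])]
    except (IndexError, KeyError, TypeError, AttributeError):
        raise ValueError("malformed WALLET_LOCATION") from None
    raise ValueError(f"unsupported WALLET_LOCATION source {name}/{method}")

def wallet_paths(sqlnet_text):
    """Expand each search location into the two wallet entries to inspect."""
    return [(s, loc + "\\" + n) for s, loc in wallet_search_order(sqlnet_text) for n in WALLET_NAMES]
```

Passing the SALESAPP example from this chapter to wallet_paths returns the EWALLET.P12 and CWALLET.SSO entries under the SALESAPP registry key; passing a sqlnet.ora with no WALLET_LOCATION returns the DEFAULT registry key followed by the %USERPROFILE% directory.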


Copyright © 1996, 2002 Oracle Corporation.

All Rights Reserved.