TABLESPACE_ENCRYPTION_DEFAULT

2.396 TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM

TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM specifies the default algorithm the database uses when encrypting a tablespace.

Property	Description
Parameter type	String
Syntax	`TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM = { AES128 \| AES192 \| AES256 \| ARIA128 \| ARIA192 \| ARIA256 \| 3DES168 }` Note: `3DES168` must be enclosed in single quotation marks when specified in the `ALTER` `SYSTEM` command.
Default value	`AES256`
Modifiable	`ALTER SYSTEM`
Modifiable in a PDB	Yes
Basic	No
Oracle RAC	The same value should be specified for all instances.

The value of this initialization parameter determines the algorithm the database uses if an encryption algorithm is not specified when creating an encrypted tablespace or when encrypting an existing tablespace. For example, the value of this parameter takes effect when:

You create a tablespace with the CREATE TABLESPACE statement and you specify the ENCRYPTION … ENCRYPT clause, but you do not specify the USING keyword and an algorithm.
You create a tablespace with the CREATE TABLESPACE statement and you do not specify the ENCRYPTION … ENCRYPT clause. However, the value of the ENCRYPT_NEW_TABLESPACES initialization parameter instructs the database to encrypt the tablespace.
You encrypt an existing tablespace with the ALTER TABLESPACE statement, either by specifying the ENCRYPTION OFFLINE ENCRYPT clause or the ENCRYPTION ONLINE … ENCRYPT clause, and you do not specify the USING keyword and an algorithm.

Note:

GOST 28147-89 has been deprecated by the Russian government, and SEED has been deprecated by the South Korean government. If you need South Korean government-approved TDE cryptography, then use ARIA instead. If you are using GOST 28147-89, then you must decrypt and encrypt with another supported TDE algorithm. The decryption algorithms for GOST 28147-89 and SEED are included in Oracle Database 23ai, but are deprecated, and the GOST encryption algorithm is desupported with Oracle Database 23ai. If you are using GOST or SEED for TDE encryption, then Oracle recommends that you online re-key to another algorithm before upgrading to Oracle Database 23ai. However, with the exception of the HP Itanium platform, the GOST and SEED decryption libraries are available with Oracle Database 23ai, so you can also decrypt after upgrading.