encryption rman

RMAN ORA-19913: unable to decrypt backup


I have been sent an RMAN backup, which is dual encrypted, wallet and password.

The Oracle version is 11.1.0.7.

I am trying to restore the database on a new server.

I performed the following steps:

  1. Create database with ORACLE_SID THEDB using a minimal init.ora file.

  2. Configure the Wallet by copying the ewallet.p12 and cwallet.sso files to a directory, and then adding the ENCRYPTION_WALLET_LOCATION entry into sqlnet.ora.

The next steps are:

    sqlplus / as sysdba

    startup nomount
    select status from v$encryption_wallet;

    STATUS
    ----------------
    OPEN

    quit

Then RMAN:

    rman target / nocatalog
    set decryption identified by 'the_backup_pwd';
    restore controlfile from 'THEDB_CF_xxxxx_yyy';

    ORA-19913: unable to decrypt backup

Now, the backup was taken using AES256 encryption, but the default encryption for this empty database is AES128.

I cannot issue the CONFIGURE ENCRYPTION ALGORITHM 'AES256' command in RMAN as it fails with "database not mounted".

I am certain the wallet and password are correct, but still this error occurs.

What step is missing?


Solution

  • We found out that this only happened if the RMAN encryption password had special characters like '$' etc.

    The only workaround was to use a heredoc with the password hardcoded .. not great ...

    # Quote the delimiter ('EOF') so the shell does not expand $$ in the password
    rman target / << 'EOF'
    set decryption identified by 'ThePa$$Word';
    
    run {
    ..
    }
    EOF
    

    Even when run interactively and the password was manually keyed in we still got the ORA-19913: unable to decrypt backup. It is obviously an Oracle RMAN bug.
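
The following is an added example, not part of the original answer. It shows where the shell itself can alter a password containing '$' before RMAN receives it, and one way to pass the password without hardcoding it in the script. The function names are hypothetical, 'ThePa$$Word' is the sample password from the answer, and it assumes RMAN reads its commands from standard input as in the heredoc above.

```shell
#!/bin/sh
# Added illustration: how the shell treats '$' in a password on its way to RMAN.
# Function names are hypothetical; 'ThePa$$Word' is the sample from the answer.

# Unquoted delimiter: the shell expands $$ (its PID) inside the heredoc body,
# even between single quotes, so RMAN receives a different password.
mangled_script() {
  cat << EOF
set decryption identified by 'ThePa$$Word';
EOF
}

# Quoted delimiter: the body reaches RMAN byte for byte.
literal_script() {
  cat << 'EOF'
set decryption identified by 'ThePa$$Word';
EOF
}

# Build the RMAN input from a password passed as $1 and a backup piece name
# passed as $2, so the password is not stored in the script. printf %s inserts
# the value without re-expanding it. Values that are empty or that would end
# the RMAN string literal or the line (single quote, newline) are rejected,
# since they would let extra RMAN commands into the stream.
build_rman_script() {
  nl='
'
  case $1 in
    ''|*"'"*|*"$nl"*)
      echo "password is empty or contains a quote or newline" >&2
      return 1 ;;
  esac
  case $2 in
    ''|*"'"*|*"$nl"*)
      echo "backup piece name is empty or contains a quote or newline" >&2
      return 1 ;;
  esac
  printf "set decryption identified by '%s';\n" "$1"
  printf "restore controlfile from '%s';\n" "$2"
}
```

To use it, read the password into a variable with terminal echo turned off, then pipe the output of `build_rman_script "$pw" 'THEDB_CF_xxxxx_yyy'` into `rman target / nocatalog`.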