ewallet p12 vs cwallet sso

The ewallet.p12 stores credentials and certificates protected by a user password, while cwallet.sso provides an obfuscated, random password for auto-login capabilities, allowing for passwordless wallet access. Both files are often used together in an Oracle auto-login wallet, where ewallet.p12 holds the sensitive data and cwallet.sso enables the wallet to open without requiring the user's password. 

Key Differences

• ewallet.p12

  • Function: Stores private keys, certificates, and credentials. 
  • Protection: Protected by a user-defined password, which is required to access and modify the wallet. 
  • Use Case: For password-protected wallets where the password is provided during connection or modification. 
• cwallet.sso

  • Function: Enables "auto-login" functionality, allowing for passwordless access to the wallet. 
  • Protection: Uses an obfuscated, random password that is more secure than a simple user password for auto-login. 
  • Use Case: Bound to the specific host and user where it was created for increased security in auto-login environments. 

Relationship in an Auto-Login Wallet

• When you create an auto-login wallet using Oracle utilities, both ewallet.p12 and cwallet.sso files are generated. 
• The ewallet.p12 file contains the essential credentials and certificates, while the cwallet.sso file contains the obfuscated password needed for the auto-login feature to work. 
• The orapki utility can be used to modify the wallet, but it requires the wallet's original password, which was used to create the ewallet.p12 file. 

In summary: Use ewallet.p12 when you need a password-protected wallet to store your security credentials and certificates, and use cwallet.sso when you need the wallet to open automatically and bypass password prompts on the host it was created on.