Below method will be used to ENCRYPT trail file using ENCKEYS
We will use ENCKEYS to Encrypt Trail file which is Generated by EXTRACT and then Decrypt Trail file which will be read by REPLICAT
Below are some Notes for this Method
=> To encrypt trail data: In the parameter file of the primary Extract group and the data pump, add an ENCRYPTTRAIL parameter with the KEYNAME option before any parameter that specifies a trail or file that you want to be encrypted. => To Decrypt trail data: Data that is encrypted in the trail remains encrypted unless the DECRYPTTRAIL parameter is used. DECRYPTTRAIL is required by Replicat before it can apply encrypted data to the target ----- => To encrypt data across TCP/IP: In the RMTHOSTOPTIONS(Valid For Passive Extract) parameter in the parameter file of the data pump (or the primary Extract, if no pump is being used), add the ENCRYPT option with the KEYWORD clause. => To Decrypt data across TCP/IP: Data that is encrypted over TCP/IP connections is decrypted automatically at the destination before it is written to a trail, unless trail encryption also is specified. => A data pump passes encrypted data untouched to the output trail, unless the DECRYPTTRAIL and ENCRYPTTRAIL parameters are used.
Steps invloved for this practice as below
Step 1=> Generate Random key using keygen utility (From Goldengate Home) [oracle@HOST12C2020 gg_home]$./keygen 256 1 0xF8C635491B1E002B5EEF4A095881C05674A42E4B7372487AFD5C4F2F501BC007 Step 2=> Copy this key in ENCKEYS file on Source and then on Traget as below (On Goldengate Home ) --ON Source [oracle@HOST12C2020 gg_home]$ cat ENCKEYS # KeyName KeyValue # Key for Trail file Encryption fil1 0xF8C635491B1E002B5EEF4A095881C05674A42E4B7372487AFD5C4F2F501BC007 [oracle@HOST12C2020 gg_home]$ --ON Traget [oracle@HOST12C2021 gg_home]$ cat ENCKEYS # Key for Trail file Encryption fil1 0xF8C635491B1E002B5EEF4A095881C05674A42E4B7372487AFD5C4F2F501BC007 [oracle@HOST12C2021 gg_home]$ Step 3=> Edit EXTRACT parameter as below on Source GGSCI (HOST12C2020) 3> view params EXT1 EXTRACT ext1 USERID ggsource@NCDB password AADAAAAAAAAAAAIARIHASGODKDZFIAZISDJDGBNIOHZADDHFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AES128 ENCRYPTKEY ggk ey --USERID ggsource@NCDB password ggsource --USERIDALIAS ggncdb --Encrypt Trail file on SOURCE ENCRYPTTRAIL AES256 KEYNAME fil1 EXTTRAIL /u01/app/oracle/gg_home/dirdat/tt TRANLOGOPTIONS EXCLUDEUSER ggsource TABLE dbsource.*; Step 4=> Edit REPLICAT parameter as below on Traget GGSCI (HOST12C2021) 3> view params REP1 REPLICAT rep1 ASSUMETARGETDEFS USERID ggtarget@TCDB PASSWORD ggtarget --Decrypt Trail on target DECRYPTTRAIL AES256 KEYNAME fil1 MAP dbsource.*, TARGET dbtarget.*; Step 5=> Start EXTRACT and then REPLICAT GGSCI (HOST12C2020) 2> info all Program Status Group Lag at Chkpt Time Since Chkpt MANAGER RUNNING EXTRACT RUNNING DPUMP1 00:00:00 00:25:04 EXTRACT RUNNING EXT1 00:00:00 00:00:02 GGSCI (HOST12C2021) 2> info all Program Status Group Lag at Chkpt Time Since Chkpt MANAGER RUNNING REPLICAT RUNNING REP1 00:00:00 00:00:09 Step 6=> Check ggseerror.log file for more information ON SOURCE [oracle@HOST12C2020 gg_home]$ cat ggserr.log |grep -i aes 2020-05-24T16:41:06.751+0530 INFO OGG-00987 Oracle GoldenGate Command Interpreter for Oracle: GGSCI command (oracle): dblogin userid ggsource password *** AES128 ggkey. 2020-05-24T16:41:36.626+0530 INFO OGG-00987 Oracle GoldenGate Command Interpreter for Oracle: GGSCI command (oracle): dblogin userid ggsource password *** AES128 ENCRYPTKEY ggkey. 2020-05-30T22:30:29.546+0530 INFO OGG-05519 Oracle GoldenGate Capture for Oracle, ext1.prm: Output trail file encryption: AES256. 2020-05-30T22:32:17.836+0530 INFO OGG-05520 Oracle GoldenGate Capture for Oracle, dpump1.prm: Input trail file encryption: AES256. 2020-05-30T22:32:17.918+0530 INFO OGG-05519 Oracle GoldenGate Capture for Oracle, dpump1.prm: Output trail file encryption: AES256. 2020-05-30T22:48:08.911+0530 INFO OGG-05519 Oracle GoldenGate Capture for Oracle, ext1.prm: Output trail file encryption: AES256. 2020-05-30T23:40:35.788+0530 INFO OGG-05519 Oracle GoldenGate Capture for Oracle, ext1.prm: Output trail file encryption: AES256. [oracle@HOST12C2020 gg_home]$ ON TARGET [oracle@HOST12C2021 gg_home]$ cat ggserr.log |grep -i aes 2020-05-30T22:35:38.036+0530 INFO OGG-05520 Oracle GoldenGate Delivery for Oracle, rep1.prm: Input trail file encryption: AES256. 2020-05-30T22:49:48.114+0530 INFO OGG-05520 Oracle GoldenGate Delivery for Oracle, rep1.prm: Input trail file encryption: AES256. 2020-05-30T23:40:45.312+0530 INFO OGG-05520 Oracle GoldenGate Delivery for Oracle, rep1.prm: Input trail file encryption: AES256. [oracle@HOST12C2021 gg_home]$
© 2021 Ace2Oracle. All Rights Reserved | Developed By IBOX444