1. Command Line Interface Reference for Oracle GoldenGate
  2. Common Command Line Interface Commands
  3. ENCRYPT PASSWORD

2.38 ENCRYPT PASSWORD

Use ENCRYPT PASSWORD to encrypt a password that is used in an Oracle GoldenGate parameter file or command.

Admin Client Syntax

ENCRYPT PASSWORD password
ENCRYPTKEY key_name

GGSCI Syntax

ENCRYPT PASSWORD password
[AES128 | AES192 | AES256 | BLOWFISH]
ENCRYPTKEY {key_name | DEFAULT}
password

The login password. Do not enclose the password within quotes. Do not use commas in passwords. If the password is case-sensitive, type it that way.

AES128 | AES192 | AES256 | BLOWFISH

Specifies the encryption algorithm to use.

  • AES128 uses the AES-128 cipher, which has a key size of 128 bits.

  • AES192 uses the AES-192 cipher, which has a key size of 192 bits.

  • AES256 uses the AES-256 cipher, which has a key size of 256 bits.

  • BLOWFISH uses Blowfish encryption with a 64-bit block size and a variable-length key size from 32 bits to 128 bits. Use BLOWFISH only for backward compatibility with earlier Oracle GoldenGate versions.

    Note:

    BLOWFISH encryption desupported in Microservice Architecture

If no algorithm is specified, AES128 is the default for all database types where BLOWFISH is the default. AES is not supported for those platforms.

All of the AES ciphers have a 128-bit block size.

To use AES encryption for any database other than Oracle, the path of the lib sub-directory of the Oracle GoldenGate installation directory must be specified as an environment variable before starting any processes:

  • UNIX: Specify the path as an entry to the LD_LIBRARY_PATH or SHLIB_PATH variable. For example: 

    setenv LD_LIBRARY_PATH ./lib:$LD_LIBRARY_PATH

  • Windows: Add the path to the PATH variable.

You can use the SETENV parameter to set it as a session variable for the process.

ENCRYPTKEY {key_name | DEFAULT}

Specifies the encryption key.

key_name

Specifies the logical name of a user-created encryption key in a local ENCKEYS lookup file. The key name is used to look up the actual key in the ENCKEYS file. A user-created key and an associated ENCKEYS file is required when using AES encryption; optional, but recommended, for Blowfish encryption. To use key_name, generate the key with KEYGEN or another utility, then store it in an ENCKEYS file on the source and target systems. The AES ciphers have a 128-bit block size.

DEFAULT

(GGSCI) Directs Oracle GoldenGate to generate a random key that is stored in the trail so that decryption can be performed by the downstream process. This type of key is insecure and should not be used in a production environment. Use this option only when BLOWFISH is specified. ENCRYPT PASSWORD returns an error if DEFAULT is used with any AES algorithm.

Examples

The following exmaple is applicable for Classic Architecture only (GGSCI)
ENCRYPT PASSWORD ny14072 BLOWFISH ENCRYPTKEY DEFAULT
ENCRYPT PASSWORD ny14072 BLOWFISH ENCRYPTKEY superkey3
ENCRYPT PASSWORD ny14072 AES192 ENCRYPTKEY superkey2

Parent topic: Common Command Line Interface Commands