C.1.2 Examples of Data Encryption using the ENCKEYS Method
The following example shows how to turn encryption on and off for different trails or files. In this example, Extract writes to two local trails, only one of which must be encrypted.
In the Extract configuration, trail bb
is the non-encrypted trail, so its EXTTRAIL
parameter is placed before the ENCRYPTTRAIL
parameter that encrypts trail aa
. Alternatively, you can use the NOENCRYPTTRAIL
parameter before the EXTTRAIL
parameter that specifies trail bb
and then use the ENCRYPTTRAIL
parameter before the EXTTRAIL
parameter that specifies trail aa
.
In this example, the encrypted data must be decrypted so that data pump
1pump
can perform work on it. Therefore, the
DECRYPTTRAIL
parameter is used in the parameter file of the
data pump. To re-encrypt the data for output, the ENCRYPTTRAIL
parameter must be used after DECRYPTTRAIL
but before the output
trail specifications. If the data pump did not have to perform work on the data, the
DECRYPTTRAIL
and ENCRYPTTRAIL
parameters could
have been omitted to retain encryption all the way to Replicat.
Example C-1 Extract Parameter File
EXTRACT capt USERIDALIAS ogg DISCARDFILE /ogg/capt.dsc, PURGE -- Do not encrypt this trail. EXTTRAIL /ogg/dirdat/bb TABLE SALES.*; -- Encrypt this trail with AES-192. ENCRYPTTRAIL AES192 EXTTRAIL /ogg/dirdat/aa TABLE FIN.*;
Example C-2 Data Pump 1 Parameter File
EXTRACT 1pump USERIDALIAS ogg DISCARDFILE /ogg/1pmp.dsc, PURGE -- Decrypt the trail this pump reads. Use encryption key mykey1. DECRYPTTRAIL AES192 -- Encrypt the trail this pump writes to, using AES-192. RMTHOSTOPTIONS myhost1, MGRPORT 7809 ENCRYPTTRAIL AES192 RMTTRAIL /ogg/dirdat/cc TABLE FIN.*;
Example C-3 Data pump 2 Parameter File
EXTRACT 2pump USERIDALIAS ogg DISCARDFILE /ogg/2pmp.dsc, PURGE RMTHOST myhost2, MGRPORT 7809 RMTTRAIL /ogg/dirdat/dd TABLE SALES.*;
Example C-4 Replicat1 (on myhost1) Parameter File
REPLICAT 1deliv USERIDALIAS ogg ASSUMETARGETDEFS DISCARDFILE /ogg/1deliv.dsc, PURGE -- Decrypt the trail this Replicat reads. Use encryption key mykey2. DECRYPTTRAIL AES192 MAP FIN.*, TARGET FIN.*;
Example C-5 Replicat 2 (on myhost2) parameter file
REPLICAT 2deliv USERIDALIAS ogg ASSUMETARGETDEFS DISCARDFILE /ogg/2deliv.dsc, PURGE MAP SALES.*, TARGET SALES.*;
Parent topic: Setting Up the Data Encryption