E.1.1 Decrypting the Data with the ENCKEYS Method

Data that is encrypted over TCP/IP connections is decrypted automatically at the destination before it is written to a trail, unless trail encryption also is specified.

Data that is encrypted in the trail remains encrypted unless the DECRYPTTRAIL parameter is used. DECRYPTTRAIL is required by Replicat before it can apply encrypted data to the target. A data pump passes encrypted data untouched to the output trail, unless the DECRYPTTRAIL and ENCRYPTTRAIL parameters are used. If the data pump must perform work on the data, decrypt and encrypt the data as follows.

To Decrypt Data for Processing by a Data Pump

Add the DECRYPTTRAIL parameter to the parameter file of the data pump. The decryption algorithm and key must match the ones that were used to encrypt the trail, see Setting Up the Data Encryption.

DECRYPTTRAIL {AES128 | AES192 | AES256 | BLOWFISH}

Similarlly, for ENCRYPTTRAIL the keyword KEYNAME is required for ENCKEYS.

To Encrypt Data After Processing by a Data Pump

To encrypt data before the data pump writes it to an output trail or file, use the ENCRYPTTRAIL parameter before the parameters that specify those trails or files. Parameters that specify trails or files are EXTTRAIL, RMTTRAIL, EXTFILE, and RMTFILE. The ENCRYPTTRAIL parameter and the trail or file specifications must occur after the DECRYPTTRAIL parameter.

Note:

The algorithm specified with ENCRYPTTRAIL can vary from trail to trail. For example, you can use AES 128 to encrypt a local trail and AES 256 to encrypt a remote trail.

To Decrypt Data for Processing by Replicat

If a trail that Replicat reads is encrypted, add a DECRYPTTRAIL parameter statement to the Replicat parameter file. The decryption algorithm and key must match the ones that were used to encrypt the trail.