E.1.1 Decrypting the Data with the ENCKEYS Method
Data that is encrypted over TCP/IP connections is decrypted automatically at the destination before it is written to a trail, unless trail encryption also is specified.
Data that is encrypted in the trail remains encrypted unless the DECRYPTTRAIL
parameter is used. DECRYPTTRAIL
is required by Replicat before it can apply encrypted data to the target. A data pump passes encrypted data untouched to the output trail, unless the DECRYPTTRAIL
and ENCRYPTTRAIL
parameters are used. If the data pump must perform work on the data, decrypt and encrypt the data as follows.
To Decrypt Data for Processing by a Data Pump
Add the DECRYPTTRAIL
parameter to the parameter file of the data pump. The decryption algorithm and key must match the ones that were used to encrypt the trail, see Setting Up the Data Encryption.
DECRYPTTRAIL {AES128 | AES192 | AES256 | BLOWFISH}
Similarlly, for ENCRYPTTRAIL
the keyword KEYNAME
is
required for ENCKEYS
.
To Encrypt Data After Processing by a Data Pump
To encrypt data before the data pump writes it to an output trail or file, use the
ENCRYPTTRAIL
parameter before the parameters that specify those
trails or files. Parameters that specify trails or files are
EXTTRAIL
, RMTTRAIL
, EXTFILE
,
and RMTFILE
. The ENCRYPTTRAIL
parameter and the
trail or file specifications must occur after the DECRYPTTRAIL
parameter.
Note:
The algorithm specified with ENCRYPTTRAIL
can vary from trail to trail. For example, you can use AES 128 to encrypt a local trail and AES 256 to encrypt a remote trail.
To Decrypt Data for Processing by Replicat
If a trail that Replicat reads is encrypted, add a DECRYPTTRAIL
parameter statement to the Replicat parameter file. The decryption algorithm and key must match the ones that were used to encrypt the trail.
Parent topic: Setting Up the Data Encryption