1. Administering Oracle GoldenGate Classic Architecture
  2. Encrypting Data with the ENCKEYS Method

E Encrypting Data with the ENCKEYS Method

To use this method of data encryption, you configure Oracle GoldenGate to generate an encryption key and store the key in a local ENCKEYS file.

Note:

Oracle only recommends the use of this method for platforms where master key and wallet support is not available. You should not use this method if wallet-based support is available.

The method secures the date in the trails or an Extract file and data sent across TCP/IP networks.

The ENCKEYS method is valid for all Oracle GoldenGate-supported databases and platforms. Blowfish must be used on the Db2 for i, Db2 z/OS, and NonStop platforms.

Encrypts the data in files, across data links, and across TCP/IP. Use any of the following:

  • Any Advanced Encryption Security (AES) cipher: Advanced Encryption Standard (AES) is a symmetric-key encryption standard that is used by governments and other organizations that require a high degree of data security. It offers three 128-bit block-ciphers: a 128-bit key cipher, a 192-bit key cipher, and a 256-bit key cipher. To use AES for any database other than Oracle on a 32-bit platform, the path to the lib sub-directory of the Oracle GoldenGate installation directory must be set with the library path variable. Bug 27523872 For different platforms the library path variable is different. For Linux it is LD_LIBRARY_PATH. For IBM i and AIX it is LIBPATH, SHLIB_PATH variable for Solaris and the PATH variable on Windows. Not required for 64-bit platforms.

    AES-128

    AES-192

    AES-256

This method makes use of a permanent key that can only be changed by regenerating the algorithm, see Populating an ENCKEYS File with Encryption Keys.

The ENCKEYS file must be secured through the normal method of assigning file permissions in the operating system.

This procedure generates an AES encryption key and provides instructions for storing it in the ENCKEYS file. ENCKEYS file for microservices is stored in the deployment_dir/etc/conf/ogg directory. In Classic Architecture, it's in the install location (same location as GGSCI).

Topics: