E Encrypting Data with the ENCKEYS Method
To use this method of data encryption, you configure Oracle GoldenGate to generate an encryption key and store the key in a local ENCKEYS
file.
Note:
Oracle only recommends the use of this method for platforms where master key and wallet support is not available. You should not use this method if wallet-based support is available.The method secures the date in the trails or an Extract file and data sent across TCP/IP networks.
The ENCKEYS
method is valid for all Oracle GoldenGate-supported databases and platforms.
Blowfish must be used on the Db2 for i, Db2 z/OS, and NonStop platforms.
Encrypts the data in files, across data links, and across TCP/IP. Use any of the following:
-
Any Advanced Encryption Security (AES) cipher: Advanced Encryption Standard (AES) is a symmetric-key encryption standard that is used by governments and other organizations that require a high degree of data security. It offers three 128-bit block-ciphers: a 128-bit key cipher, a 192-bit key cipher, and a 256-bit key cipher. To use AES for any database other than Oracle on a 32-bit platform, the path to the lib sub-directory of the Oracle GoldenGate installation directory must be set with the library path variable. Bug 27523872 For different platforms the library path variable is different. For Linux it is
LD_LIBRARY_PATH
. For IBM i and AIX it isLIBPATH
,SHLIB_PATH
variable for Solaris and thePATH
variable on Windows. Not required for 64-bit platforms.AES-128
AES-192
AES-256
This method makes use of a permanent key that can only be changed by regenerating the algorithm, see Populating an ENCKEYS File with Encryption Keys.
The ENCKEYS
file must be secured through the normal method of assigning file permissions in the operating system.
This procedure generates an AES
encryption key and provides instructions for storing it in the ENCKEYS
file. ENCKEYS
file for microservices is stored in the
deployment_dir/etc/conf/ogg
directory. In Classic
Architecture, it's in the install location (same location as GGSCI).
Topics:
- Setting Up the Data Encryption
- Populating an ENCKEYS File with Encryption Keys
Learn how to use anENCKEYS
file.