- Administering Oracle GoldenGate Classic Architecture
- Encrypting a Password in a Command or Parameter File
- Encrypting the Password
D.1 Encrypting the Password
- Run GGSCI.
- Issue the
ENCRYPT PASSWORD
command.ENCRYPT PASSWORD
password
algorithm
ENCRYPTKEY {key_name
| DEFAULT}Where:
-
password
is the clear-text login password. Do not enclose the password within quotes. If the password is case-sensitive, type it that way. -
algorithm
specifies the encryption algorithm to use:-
AES128
uses the AES 128 cipher, which has a key size of 128 bits. -
AES192
uses the AES 192 cipher, which has a key size of 192 bits. -
AES256
uses the AES 256 cipher, which has a key size of 256 bits. -
BLOWFISH
uses Blowfish encryption with a 64-bit block size and a variable-length key size from 32-bits to 128-bits. Use AES if supported for the platform. UseBLOWFISH
for backward compatibility with earlier Oracle GoldenGate versions, and for DB2 z/OS and DB2 for i. AES is not supported on those platforms.
-
-
ENCRYPTKEY
key_name
specifies the logical name of a user-created encryption key in theENCKEYS
lookup file. The key name is used to look up the actual key in theENCKEYS
file. Using a user-defined key and anENCKEYS
file is required for AES encryption. To create a key andENCKEYS
file, see Populating an ENCKEYS File with Encryption Keys. -
ENCRYPTKEY DEFAULT
directs Oracle GoldenGate to generate a predefined Blowfish key. This type of key is insecure and should not be used in a production environment if the platform supports AES. Use this option only for DB2 on /OS and DB2 for i whenBLOWFISH
is specified.ENCRYPT PASSWORD
returns an error if AES is used withDEFAULT
.If no algorithm is specified, AES 128 is the default for all database types except DB2 z/OS, where
BLOWFISH
is the default.
The following are examples of
ENCRYPT PASSWORD
with its various options.ENCRYPT PASSWORD mypassword AES256 ENCRYPTKEY mykey1 ENCRYPT PASSWORD mypassword BLOWFISH ENCRYPTKEY mykey1 ENCRYPT PASSWORD mypassword BLOWFISH ENCRYPTKEY DEFAULT
-
- The encrypted password is output to the screen when you run the
ENCRYPT PASSWORD
command. Copy the encrypted password and then see Specifying the Encrypted Password in a Parameter File or Command for instructions on pasting it to a command or parameter.
Parent topic: Encrypting a Password in a Command or Parameter File