1. Administering Oracle GoldenGate Classic Architecture
  2. Encrypting a Password in a Command or Parameter File
  3. Encrypting the Password

D.1 Encrypting the Password

  1. Run GGSCI.
  2. Issue the ENCRYPT PASSWORD command.
    ENCRYPT PASSWORD password algorithm ENCRYPTKEY {key_name | DEFAULT}

    Where:

    • password is the clear-text login password. Do not enclose the password within quotes. If the password is case-sensitive, type it that way.

    • algorithm specifies the encryption algorithm to use:

      • AES128 uses the AES 128 cipher, which has a key size of 128 bits.

      • AES192 uses the AES 192 cipher, which has a key size of 192 bits.

      • AES256 uses the AES 256 cipher, which has a key size of 256 bits.

      • BLOWFISH uses Blowfish encryption with a 64-bit block size and a variable-length key size from 32-bits to 128-bits. Use AES if supported for the platform. Use BLOWFISH for backward compatibility with earlier Oracle GoldenGate versions, and for DB2 z/OS and DB2 for i. AES is not supported on those platforms.

    • ENCRYPTKEY key_name specifies the logical name of a user-created encryption key in the ENCKEYS lookup file. The key name is used to look up the actual key in the ENCKEYS file. Using a user-defined key and an ENCKEYS file is required for AES encryption. To create a key and ENCKEYS file, see Populating an ENCKEYS File with Encryption Keys.

    • ENCRYPTKEY DEFAULT directs Oracle GoldenGate to generate a predefined Blowfish key. This type of key is insecure and should not be used in a production environment if the platform supports AES. Use this option only for DB2 on /OS and DB2 for i when BLOWFISH is specified. ENCRYPT PASSWORD returns an error if AES is used with DEFAULT.

      If no algorithm is specified, AES 128 is the default for all database types except DB2 z/OS, where BLOWFISH is the default.

    The following are examples of ENCRYPT PASSWORD with its various options. 

    ENCRYPT PASSWORD mypassword AES256 ENCRYPTKEY mykey1
ENCRYPT PASSWORD mypassword BLOWFISH ENCRYPTKEY mykey1
ENCRYPT PASSWORD mypassword BLOWFISH ENCRYPTKEY DEFAULT
  3. The encrypted password is output to the screen when you run the ENCRYPT PASSWORD command. Copy the encrypted password and then see Specifying the Encrypted Password in a Parameter File or Command for instructions on pasting it to a command or parameter.

Parent topic: Encrypting a Password in a Command or Parameter File