1. Administering Oracle GoldenGate Classic Architecture
  2. Encrypting Data with the ENCKEYS Method
  3. Setting Up the Data Encryption
  4. Examples of Data Encryption using the ENCKEYS Method

E.1.2 Examples of Data Encryption using the ENCKEYS Method

The following example shows how to turn encryption on and off for different trails or files. In this example, Extract writes to two local trails, only one of which must be encrypted.

In the Extract configuration, trail bb is the non-encrypted trail, so its EXTTRAIL parameter is placed before the ENCRYPTTRAIL parameter that encrypts trail aa. Alternatively, you can use the NOENCRYPTTRAIL parameter before the EXTTRAIL parameter that specifies trail bb and then use the ENCRYPTTRAIL parameter before the EXTTRAIL parameter that specifies trail aa.

Description of oggse_pb_002a.png follows
Description of the illustration oggse_pb_002a.png

In this example, the encrypted data must be decrypted so that data pump 1pump can perform work on it. Therefore, the DECRYPTTRAIL parameter is used in the parameter file of the data pump. To re-encrypt the data for output, the ENCRYPTTRAIL parameter must be used after DECRYPTTRAIL but before the output trail specifications. If the data pump did not have to perform work on the data, the DECRYPTTRAIL and ENCRYPTTRAIL parameters could have been omitted to retain encryption all the way to Replicat.

Example E-1 Extract Parameter File

EXTRACT capt
USERIDALIAS ogg
DISCARDFILE /ogg/capt.dsc, PURGE
-- Do not encrypt this trail.
EXTTRAIL /ogg/dirdat/bb
TABLE SALES.*;
-- Encrypt this trail with AES-192.
ENCRYPTTRAIL {AES192} KEYNAME keyname 
EXTTRAIL /ogg/dirdat/aa
TABLE FIN.*;

Example E-2 Data Pump 1 Parameter File

EXTRACT 1pump
USERIDALIAS ogg
DISCARDFILE /ogg/1pmp.dsc, PURGE
-- Decrypt the trail this pump reads. Use encryption key mykey1.
DECRYPTTRAIL AES192
-- Encrypt the trail this pump writes to, using AES-192.
RMTHOSTOPTIONS myhost1, MGRPORT 7809
ENCRYPTTRAIL AES192
RMTTRAIL /ogg/dirdat/cc
TABLE FIN.*;

Example E-3 Data pump 2 Parameter File

EXTRACT 2pump
USERIDALIAS ogg
DISCARDFILE /ogg/2pmp.dsc, PURGE
RMTHOST myhost2, MGRPORT 7809
RMTTRAIL /ogg/dirdat/dd
TABLE SALES.*;

Example E-4 Replicat1 (on myhost1) Parameter File

REPLICAT 1deliv
USERIDALIAS ogg
ASSUMETARGETDEFS
DISCARDFILE /ogg/1deliv.dsc, PURGE
-- Decrypt the trail this Replicat reads. Use encryption key mykey2.
DECRYPTTRAIL AES192
MAP FIN.*, TARGET FIN.*;

Example E-5 Replicat 2 (on myhost2) parameter file

REPLICAT 2deliv
USERIDALIAS ogg
ASSUMETARGETDEFS
DISCARDFILE /ogg/2deliv.dsc, PURGE
MAP SALES.*, TARGET SALES.*;

Parent topic: Setting Up the Data Encryption