1. Reference for Oracle GoldenGate
  2. Oracle GoldenGate Common Components
  3. Oracle GoldenGate Parameters
  4. ENCRYPTTRAIL | NOENCRYPTTRAIL

ENCRYPTTRAIL | NOENCRYPTTRAIL

Valid For

Extract

Description

Use the ENCRYPTTRAIL and NOENCRYPTTRAIL parameters to control whether Oracle GoldenGate encrypts or does not encrypt trail data that is written to a trail or Extract file.

You can use encryption for local and remote trails by specifying the EXTTRAIL and RMTTRAIL parameters in your Extract parameter file.

ENCRYPTTRAIL and NOENCRYPTTRAIL are trail or file-specific. One affects all subsequent trail or Extract file specifications in the parameter file until the other parameter is encountered. The parameter must be placed before the parameter entry for the trail that it will affect.

ENCRYPTTRAIL and NOENCRYPTTRAIL cannot be used when FORMATASCII is used to write data to a file in ASCII format. The trail file must be written in the default Oracle GoldenGate canonical format.

ENCRYPTTRAIL encrypts the trail data across all data links and within the files themselves. Only the data blocks are encrypted. User tokens are not encrypted.

Default

NOENCRYPTTRAIL

Syntax

ENCRYPTTRAIL (AES, KEYNAME name)
ENCRYPTTRAIL (GGS)
ENCRYPTTRAIL (AES, KEYNAME name)

ENCRYPTTRAIL without options specifies 256-key byte substitution AES256 as the default for all database types except the NonStop platform because Advanced Encryption Standard (AES) encryption is not supported on that platform.

It's mandatory to provide a value for ENCRYPTTRAIL, otherwise Extract will abend. ENCRYPTTRAIL supports the following encryption methods:

  • AES 128, AES 192, AES 256 (Master key and wallet method): Use the masterkey based on the encryption profile. Oracle recommends using this method for encryption. Also see Trail File Encryption to learn about creating an encryption profile in Oracle GoldenGate.

  • AES 128, AES 192, AES 256 (ENCKEYS method): Use keys stored in ENCKEYS, the backward compatible encryption method, that is only needed if the trail file needs to be sent to HP Nonstop platforms.

AES includes encryption key length to use. This is a symmetric-key encryption standard that is used by governments and other organizations that require a high degree of data security.

  • AES128 has a 128-bit block size with a key size of 128 bits.

  • AES192 has a 192-bit block size with a key size of 192 bits.

  • AES256 has a 256-bit block size with a key size of 256 bits.

To use AES encryption for any database other than Oracle on a 32-bit platform, the path of the /lib sub-directory of the Oracle GoldenGate installation directory must be specified as an environment variable before starting any processes. This is not required on 64-bit platforms.

Set the path as follows:

  • Linux: Specify the path as an entry to the LD_LIBRARY_PATHvariable. For example: 

    setenv LD_LIBRARY_PATH ./lib:$LD_LIBRARY_PATH

  • For Solaris: Specify the path as an entry to the SHLIB_PATH variable.

  • For IBMi and AIX: Specify the path as an entry to the LIBPATH variable.

  • For Windows: Add the path to the PATH variable.

You can use the SETENV parameter to set it as a session variable for the process.

ENCRRYPTTRAIL (GGS)

The GGS option is not recommended for encryption as it is not a secure approach. This option should only be used for backward compatibility.

NOENCRYPTTRAIL

Prevents the trail from being encrypted. This is the default.

Examples

Example 1   

In the following example, the master key and wallet method is used. The Extract process writes to two trails. The data for the emp table is written to trail /home/ggsora/dirdat/em, which is encrypted with the AES-192 cipher. The data for the stores table is written to trail /home/ggsora/dirdat/st, which is not encrypted. 

ENCRYPTTRAIL AES192
RMTTRAIL /home/ggsora/dirdat/em
TABLE hr.emp;
NOENCRYPTTRAIL
RMTTRAIL /home/ggsora/dirdat/st
TABLE ops.stores;
Example 2   

As an alternative to the preceding example, you can omit NOENCRYPTTRAIL if you list all non-encrypted trails before the ENCRYPTTRAIL parameter. 

RMTTRAIL /home/ggsora/dirdat/st
TABLE ops.stores;
ENCRYPTTRAIL AES192
RMTTRAIL /home/ggsora/dirdat/em
TABLE hr.emp;
Example 3   

In the following example, the ENCKEYS method is used. 

ENCRYPTTRAIL AES192, KEYNAME mykey1
RMTTRAIL /home/ggsora/dirdat/em
TABLE hr.emp;
TABLE ops.stores;