1. Reference Guide for Oracle GoldenGate for HP NonStop (Guardian)
  2. Oracle GoldenGate Parameters
  3. ENCRYPTTRAIL | NOENCRYPTTRAIL

2.58 ENCRYPTTRAIL | NOENCRYPTTRAIL

Valid for

Extract

Description

Use ENCRYPTTRAIL to encrypt data records in subsequent Oracle GoldenGate trails until a NOENCRYPTTRAIL is encountered. This applies to EXTFILE, EXTTRAIL, RMTFILE and RMTTRAIL entries. ENCRYPTTRAIL is not supported for RMTBATCH.

If you plan to use encryption on some output trails and not others, then it's recommended to not use this parameter, but instead use the encryption option on the specific EXTTRAIL, RMTTRAIL, EXTFILE, or RMTFILE to be encrypted.

Default

NOENCRYPTTRAIL

Syntax

ENCRYPTTRAIL (<AES>, KEYNAME <name>)

AES can be AES, AES128, AES192, or AES256.

The default is AES256.

Description

Specifies encryption explicity for each output trail.

AES trail encryption on HP NonStop currently uses the ENCKEYS file to store the trail master key. The default AES masterkey name is DEFAULT. There is no provision in the trail file header to store a keyname, hence there is no way to know what KEYNAME was used at the source. If you use a keyname other than DEFAULT, then you must specify that keyname in downstream readers with DECRYPTTRAIL and the key must match the key at the source.

The default masterkey is named DEFAULT and needs to be the same key value on every system that receives AES encrypted data.

AES trail encryption on HP NonStop cannot currently use the WALLET file used in the Open System Oracle GoldenGate products. Do not use AES encryption to or from OpenSys using the Oracle Wallet. To use AES encryption to and from OpenSys, you must use the ENCKEYS file implementation. OpenSys does not allow for a DEFAULT key to be used with AES, you must have a named key. When sending or receiving encrypted trails from OpenSys, ensure that an ENCKEYS file that has the master key exists in the Oracle GoldenGate installed dir for Classic builds and in the deployment_home/etc/conf/ogg directory for MicroServices.

Oracle GoldenGate trail files that contain any flavor of AES encryption can only be interrogated with the AES enabled version of LOGDUMP, which is LOGDUMPA.

LOGDUMPA can not be used to interrogate TMF.