2.58 ENCRYPTTRAIL | NOENCRYPTTRAIL
Valid for
Extract
Description
Use ENCRYPTTRAIL
to encrypt data records in subsequent Oracle
GoldenGate trails until a NOENCRYPTTRAIL
is encountered.
This applies to
EXTFILE
, EXTTRAIL
, RMTFILE
and RMTTRAIL
entries. ENCRYPTTRAIL
is not
supported for RMTBATCH
.
If you plan to use encryption on some output trails and not others, then it's
recommended to not use this parameter, but instead use the encryption option on the
specific EXTTRAIL
, RMTTRAIL
,
EXTFILE
, or RMTFILE
to be encrypted.
Default
NOENCRYPTTRAIL
Syntax
ENCRYPTTRAIL (<AES>, KEYNAME <name>)
AES can be AES, AES128, AES192, or AES256.
The default is AES256.
Description
Specifies encryption explicity for each output trail.
AES trail encryption on HP NonStop currently uses the
ENCKEYS
file to store the trail master key. The default AES
masterkey name is DEFAULT
. There is no provision in the trail file
header to store a keyname, hence there is no way to know what
KEYNAME
was used at the source. If you use a keyname other than
DEFAULT
, then you must specify that keyname in downstream
readers with DECRYPTTRAIL
and the key must match the key at the
source.
The default masterkey is named DEFAULT
and needs to be
the same key value on every system that receives AES encrypted data.
AES trail encryption on HP NonStop cannot currently use the
WALLET
file used in the Open System Oracle GoldenGate products.
Do not use AES encryption to or from OpenSys using the Oracle Wallet. To use AES
encryption to and from OpenSys, you must use the ENCKEYS
file
implementation. OpenSys does not allow for a DEFAULT
key to be used
with AES, you must have a named key. When sending or receiving encrypted trails from
OpenSys, ensure that an ENCKEYS
file that has the master key exists
in the Oracle GoldenGate installed dir for Classic builds and in the
deployment_home/etc/conf/ogg
directory for MicroServices.
Oracle GoldenGate trail files that contain any flavor of AES encryption can only be
interrogated with the AES enabled version of LOGDUMP
, which is
LOGDUMPA
.
LOGDUMPA
can not be used to interrogate TMF.