ENCRYPT PASSWORD

Use ENCRYPT PASSWORD to encrypt a password that is used in an Oracle GoldenGate parameter file or command.

Syntax

ENCRYPT PASSWORD password
[AES128 | AES192 | AES256 | BLOWFISH]
ENCRYPTKEY {key_name | DEFAULT}

password

The login password. Do not enclose the password within quotes. If the password is case-sensitive, type it that way.

AES128 | AES192 | AES256 | BLOWFISH

Specifies the encryption algorithm to use.

  • AES128 uses the AES-128 cipher, which has a key size of 128 bits.

  • AES192 uses the AES-192 cipher, which has a key size of 192 bits.

  • AES256 uses the AES-256 cipher, which has a key size of 256 bits.

  • BLOWFISH uses Blowfish encryption with a 64-bit block size and a variable-length key size from 32 bits to 128 bits. Use BLOWFISH only for backward compatibility with earlier Oracle GoldenGate versions.

If no algorithm is specified, AES128 is the default for all database types except DB2 on z/OS and NonStop SQL/MX, where BLOWFISH is the default. AES is not supported for those platforms.

All of the AES ciphers have a 128-bit block size.

To use AES encryption for any database other than Oracle, the path of the lib sub-directory of the Oracle GoldenGate installation directory must be specified as an environment variable before starting any processes:

  • UNIX: Specify the path as an entry to the LD_LIBRARY_PATH or SHLIB_PATH variable. For example:

    setenv LD_LIBRARY_PATH ./lib:$LD_LIBRARY_PATH
    
  • Windows: Add the path to the PATH variable.

You can use the SETENV parameter to set it as a session variable for the process.

ENCRYPTKEY {key_name | DEFAULT}

Specifies the encryption key.

key_name

Specifies the logical name of a user-created encryption key in a local ENCKEYS lookup file. The key name is used to look up the actual key in the ENCKEYS file. A user-created key and an associated ENCKEYS file are required when using AES encryption; they are optional, but recommended, for Blowfish encryption. To use key_name, generate the key with KEYGEN or another utility, then store it in an ENCKEYS file on the source and target systems. For more information, see the security guidelines in Administering Oracle GoldenGate for Windows and UNIX.

DEFAULT

Directs Oracle GoldenGate to generate a random key that is stored in the trail so that decryption can be performed by the downstream process. This type of key is insecure and should not be used in a production environment. Use this option only when BLOWFISH is specified. ENCRYPT PASSWORD returns an error if DEFAULT is used with any AES algorithm.

Examples

Example 1

    ENCRYPT PASSWORD ny14072 BLOWFISH ENCRYPTKEY DEFAULT

Example 2

    ENCRYPT PASSWORD ny14072 BLOWFISH ENCRYPTKEY superkey3

Example 3

    ENCRYPT PASSWORD ny14072 AES192 ENCRYPTKEY superkey2
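
The algorithm and key rules described above can be checked before a command is issued. The following Python script is an added example, not part of Oracle GoldenGate or its documentation: it reviews an ENCRYPT PASSWORD command line against those rules and against the key names in an ENCKEYS file. The function names (load_key_names, check_command), the sample ENCKEYS content, the assumed "name value" file layout with "#" comment lines, and the exact-match key lookup are assumptions made for illustration.

```python
AES = {"AES128", "AES192", "AES256"}
ALGORITHMS = AES | {"BLOWFISH"}

# Constructed sample; the "name value" layout with "#" comments is an assumption,
# and the key values are placeholders, not real keys.
SAMPLE_ENCKEYS = """\
## key name   key value
superkey2     0xPLACEHOLDER_NOT_A_REAL_KEY
superkey3     0xPLACEHOLDER_NOT_A_REAL_KEY
"""

def load_key_names(enckeys_text):
    """Return the logical key names defined in ENCKEYS-style text."""
    names = set()
    for line in enckeys_text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            names.add(fields[0])
    return names

def check_command(command, key_names, default_algorithm="AES128"):
    """Return a list of findings for one ENCRYPT PASSWORD command line."""
    tokens = command.split()
    if len(tokens) < 3 or [t.upper() for t in tokens[:2]] != ["ENCRYPT", "PASSWORD"]:
        return ["not an ENCRYPT PASSWORD command"]
    args = tokens[3:]  # tokens[2] is the password: never inspected or echoed
    algorithm = default_algorithm  # pass "BLOWFISH" for DB2 on z/OS and NonStop SQL/MX
    if args and args[0].upper() in ALGORITHMS:
        algorithm = args.pop(0).upper()
    if len(args) != 2 or args[0].upper() != "ENCRYPTKEY":
        return ["ENCRYPTKEY {key_name | DEFAULT} is missing or malformed"]
    key, findings = args[1], []
    if algorithm == "BLOWFISH":
        findings.append("BLOWFISH is for backward compatibility only")
    if key.upper() == "DEFAULT":
        if algorithm in AES:
            findings.append("DEFAULT with an AES algorithm returns an error")
        else:
            findings.append("DEFAULT key is insecure; do not use in production")
    elif key not in key_names:  # exact-match lookup is an assumption
        findings.append("key name %r not found in ENCKEYS" % key)
    return findings

if __name__ == "__main__":
    names = load_key_names(SAMPLE_ENCKEYS)
    for cmd in ("ENCRYPT PASSWORD ny14072 BLOWFISH ENCRYPTKEY DEFAULT",
                "ENCRYPT PASSWORD ny14072 AES192 ENCRYPTKEY superkey2"):
        print(cmd.split()[3:], check_command(cmd, names))
```

An empty list means the command satisfies the rules on this page; the password token is skipped and never printed.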