12 Populating an ENCKEYS File with Encryption Keys

Learn how to use an ENCKEYS file.

You must generate and store encryption keys when using the security features:

ENCRYPTTRAIL (see Encrypting the Data with the ENCKEYS Method)
ENCRYPT PASSWORD with ENCRYPTKEY keyname (see Encrypting a Password in a Command or Parameter File)
RMTHOST or RMTHOSTOPTIONS with ENCRYPT (see Encrypting the Data with the ENCKEYS Method)

You can define your own key or run the Oracle GoldenGate KEYGEN utility to create a random key.

Topics:

Parent topic: Securing Oracle GoldenGate

12.1 Defining Your Own Key

Use a tool of your choice. The key value can be up to 256 bits (32 bytes) as either of the following:

a quoted alphanumeric string (for example "Dailykey")
a hex string with the prefix 0x (for example 0x420E61BE7002D63560929CCA17A4E1FB)

Parent topic: Populating an ENCKEYS File with Encryption Keys

12.2 Using KEYGEN to Generate a Key

Change directories to the Oracle GoldenGate home directory on the source system, and issue the following shell command. You can create multiple keys, if needed. The key values are returned to your screen. You can copy and paste them into the ENCKEYS file.

KEYGEN key_length n

Where:

key_length is the encryption key length, up to 256 bits (32 bytes).
n represents the number of keys to generate.

Example:

KEYGEN 128 4

Parent topic: Populating an ENCKEYS File with Encryption Keys

12.3 Creating and Populating the ENCKEYS Lookup File

On the source system, open a new ASCII text file.

For each key value that you generated, enter a logical name of your choosing, followed by the key value itself.

The key name can be a string of 1 to 24 alphanumeric characters without spaces or quotes.
Place multiple key definitions on separate lines.

Do not enclose a key name or value within quotes; otherwise it will be interpreted as text.

Use the following sample ENCKEYS file as a guide.

Encryption key name	Encryption key value
## Key name superkey secretkey superkey1 superkey2 superkey3	Key value 0x420E61BE7002D63560929CCA17A4E1FB 0x027742185BBF232D7C664A5E1A76B040 0x42DACD1B0E94539763C6699D3AE8E200 0x0343AD757A50A08E7F9A17313DBAB045 0x43AC8DCE660CED861B6DC4C6408C7E8A

Encryption key name

Encryption key value

## Key name
superkey
secretkey
superkey1
superkey2
superkey3

Key value
0x420E61BE7002D63560929CCA17A4E1FB
0x027742185BBF232D7C664A5E1A76B040
0x42DACD1B0E94539763C6699D3AE8E200
0x0343AD757A50A08E7F9A17313DBAB045
0x43AC8DCE660CED861B6DC4C6408C7E8A

Save the file as the name ENCKEYS in all upper case letters, without an extension, in the Oracle GoldenGate installation directory.
Copy the ENCKEYS file to the Oracle GoldenGate installation directory on every system. The key names and values in all of the ENCKEYS files must be identical, or else the data exchange will fail and Extract and Collector will abort with the following message:
```
GGS error 118 – TCP/IP Server with invalid data.
```

Parent topic: Populating an ENCKEYS File with Encryption Keys