1. Command Line Interface Reference for Oracle GoldenGate
  2. GGSCI Command Line Interface Commands
  3. ENCRYPT PASSWORD

ENCRYPT PASSWORD

Use ENCRYPT PASSWORD to encrypt a password that is used in an Oracle GoldenGate parameter file or command.

GGSCI Syntax

ENCRYPT PASSWORD password
[AES128 | AES192 | AES256]
ENCRYPTKEY {key_name | DEFAULT}
password

The login password. Do not enclose the password within quotes. Do not use commas in passwords. If the password is case-sensitive, type it that way.

AES128 | AES192 | AES256

Specifies the encryption algorithm to use.

  • AES128 uses the AES-128 cipher, which has a key size of 128 bits.

  • AES192 uses the AES-192 cipher, which has a key size of 192 bits.

  • AES256 uses the AES-256 cipher, which has a key size of 256 bits.

If no algorithm is specified, AES128 is the default for all database types where BLOWFISH is the default. AES is not supported for those platforms.

All of the AES ciphers have a 128-bit block size.

To use AES encryption for any database other than Oracle, the path of the lib sub-directory of the Oracle GoldenGate installation directory must be specified as an environment variable before starting any processes:

  • UNIX: Specify the path as an entry to the LD_LIBRARY_PATH or SHLIB_PATH variable. For example: 

    SETENV LD_LIBRARY_PATH ./lib:$LD_LIBRARY_PATH

  • Windows: Add the path to the PATH variable.

You can use the SETENV parameter to set it as a session variable for the process.

ENCRYPTKEY {key_name | DEFAULT}

Specifies the encryption key.

key_name

Specifies the logical name of a user-created encryption key in a local ENCKEYS lookup file. The key name is used to look up the actual key in the ENCKEYS file. A user-created key and an associated ENCKEYS file is required when using AES encryption. To use key_name, generate the key with KEYGEN or another utility, then store it in an ENCKEYS file on the source and target systems. The AES ciphers have a 128-bit block size.

DEFAULT

(GGSCI) Directs Oracle GoldenGate to generate a random key that is stored in the trail so that decryption can be performed by the downstream process. This type of key is insecure and should not be used in a production environment. ENCRYPT PASSWORD returns an error if DEFAULT is used with any AES algorithm.

Examples

ENCRYPT PASSWORD ny14072 AES192 ENCRYPTKEY superkey2