Valid For

Extract

Description

The encryption profile must be set up before using the ENCRYPTTRAIL parameter for encrypting trail files. The encryption profile contains information about the location of the master key and how Oracle GoldenGate will use it. See What is an Encryption Profile? in Oracle GoldenGate Microservices Documentation to know more.

Use the ENCRYPTTRAIL and NOENCRYPTTRAIL parameters to control whether Oracle GoldenGate encrypts or does not encrypt trail data that is written to a trail or Extract file.

ENCRYPTTRAIL and NOENCRYPTTRAIL are trail or file-specific. One affects all subsequent trail or Extract file specifications in the parameter file until the other parameter is encountered. The parameter must be placed before the parameter entry for the trail that it will affect.

ENCRYPTTRAIL and NOENCRYPTTRAIL cannot be used when FORMATASCII is used to write data to a file in ASCII format. The trail file must be written in the default Oracle GoldenGate canonical format.

ENCRYPTTRAIL encrypts the trail data across all data links and within the files themselves. Only the data blocks are encrypted. User tokens are not encrypted.

Default

NOENCRYPTTRAIL

Syntax

ENCRYPTTRAIL (AES)

ENCRYPTTRAIL (AES)

ENCRYPTTRAIL without options specifies 256-key byte substitution AES256 as the default for all database types except the NonStop platform because Advanced Encryption Standard (AES) encryption is not supported on that platform.

It's mandatory to provide a value for the ENCRYPTTRAIL parameter, otherwise Extract will abend.

ENCRYPTTRAIL supports AES 128, AES 192, AES 256 (Master key and wallet method) encryption. Use the master key based on the encryption profile. AES includes encryption key length to use. This is a symmetric-key encryption standard that is used by governments and other organizations that require a high degree of data security.

• AES128 has a 128-bit block size with a key size of 128 bits.

• AES192 has a 192-bit block size with a key size of 192 bits.

• AES256 has a 256-bit block size with a key size of 256 bits.

To use AES encryption for any database other than Oracle on a 32-bit platform, the path of the /lib sub-directory of the Oracle GoldenGate installation directory must be specified as an environment variable before starting any processes. This is not required on 64-bit platforms.

Set the path as follows:

• Linux: Specify the path as an entry to the LD_LIBRARY_PATHvariable. For example:

  setenv LD_LIBRARY_PATH ./lib:$LD_LIBRARY_PATH

• For Solaris: Specify the path as an entry to the SHLIB_PATH variable.

• For IBMi and AIX: Specify the path as an entry to the LIBPATH variable.

• For Windows: Add the path to the PATH variable.

You can use the SETENV parameter to set it as a session variable for the process.

NOENCRYPTTRAIL

Prevents the trail from being encrypted. This is the default.

Examples

Example 1   

In the following example, the master key and wallet method is used. The Extract process writes to two trails. The data for the emp table is written to trail /home/ggsora/dirdat/em, which is encrypted with the AES-192 cipher. The data for the stores table is written to trail /home/ggsora/dirdat/st, which is not encrypted.

ENCRYPTTRAIL AES192
EXTTRAIL /home/ggsora/dirdat/em
TABLE hr.emp;
NOENCRYPTTRAIL
EXTTRAIL /home/ggsora/dirdat/st
TABLE ops.stores;

Example 2   

As an alternative to the preceding example, you can omit NOENCRYPTTRAIL if you list all non-encrypted trails before the ENCRYPTTRAIL parameter.

EXTTRAIL /home/ggsora/dirdat/st
TABLE ops.stores;
ENCRYPTTRAIL AES192
EXTTRAIL /home/ggsora/dirdat/em
TABLE hr.emp;