My GG version: 11.2.1.0.x
OS version: RHEL
5.x
Oracle version: 11.2.0.2
In order to generate keys, run the keygen
command from the GoldenGate software installation home
KEYGEN key
length n
Where:
(key length) is the encryption key length, up to 128 bits.
(n) represents the number of keys to generate.
oracle@oradev01:/opt/oracle/GGATE $ ./keygen
128 4
0x022A972B7CF6EF537DBCF35792BEH321
0x03CC8167B516426D9CA3A70B5B1FDW12
0x066E6C23EF369406BA8A5B3F2580DF54
0x0A10575F2857E61FD8710F73EFE08H11
Save the file as the name ENCKEYS
in all upper case letters, without an extension, in the Oracle GoldenGate
installation directory.
oracle@oradev01:/opt/oracle/GGATE $ vi ENCKEYS
oracle@oradev01:/opt/oracle/GGATE $ cat ENCKEYS
key1 0x022A972B7CF6EF537DBCF35792BEH321
key2 0x03CC8167B516426D9CA3A70B5B1FDW12
key3 0x066E6C23EF369406BA8A5B3F2580DF54
key4 0x0A10575F2857E61FD8710F73EFE08H11
Copy this ENCKEYS file
to all the target servers in the GG home location. The key names and values in
all of the ENCKEYS files must be identical, or else the data exchange
will fail
oracle@oradev01:/opt/oracle/GGATE $ ./ggsci
Oracle GoldenGate Command Interpreter for Oracle
Version 11.2.1.0.3 14400833
OGGCORE_11.2.1.0.3_PLATFORMS_120823.1258_FBO
Linux, x64, 64bit (optimized), Oracle 11g on Aug 23 2012 20:20:21
Copyright (C) 1995, 2012, Oracle and/or its affiliates. All rights
reserved.
GGSCI (oradev01) 1> encrypt password gguser123
Expecting either 'ENCRYPTKEY' or an encryption algorithm
we need to give encrypt key which is specified in ENCKEYS file
GGSCI (oradev01) 2> encrypt
password gguser123 ENCRYPTKEY key1
Encrypted password:
AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT
Algorithm used: AES128
Check whether you can able to connect with this encrypted password
GGSCI (oradev01) 3> dblogin USERID gguser@MYDB, PASSWORD
AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT,
encryptkey key1
Successfully logged into database.
GGSCI (oradev01) 3> dblogin USERID gguser@MYDB, PASSWORD
gguser123
Successfully logged into database.
So you can use this encrypted password in your extract param file
GGSCI (oradev01) 4> edit params ext
GGSCI (oradev01) 6> view params ext
EXTRACT ext
USERID gguser@MYDB, PASSWORD
AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT,
encryptkey key1
EXTTRAIL /opt/oracle/GGATE/dirdat/lt
………
…..
………….
SETENV NLS_LANG="AMERICAN_AMERICA.WE8ISO8859P1"
TABLE schema.table_name
NOTE: The only way to protect
this ENCKEYS file from other is through o/s
privileges (Doc ID 1575452.1)
0 comments:
Post a Comment