Keygen # GoldenGate Password Encryption

Advantages # 

password protection 

Trails can be encrypted 

> PROCEDURE to implement > 

using "keygen" utility, we can generate hex keys 

after Enter the hex keys in ASCII file in goldengate home directory and encrypt the password 

Step 1# create hex keys using keygen utility # keygen utility exists in goldengate home; key length is max 256 bits 

Syntax # ./keygen <key_length> <Number of keys> 

[oracle@tnc1 home]$ ./keygen 128 4

0x05A5A84484FA4824B0BF2528ADC0E461

0xD392635258E8AC4D0C417D054988F659

0xA1801E602CD6107767C2D462E54F0852

0x6F6ED96D01C47420C3432C4081171A4A

Step 2 # Enter all 4 keys in ASCII file ENKEYS and < Name key value with key Name as follows >

[oracle@tnc1 home]$touch ENCKEYS 

[oracle@tnc1 home]$ cat ENCKEYS 

# Key name      key Value 

key128_1        0x05A5A84484FA4824B0BF2528ADC0E461

key128_2        0xD392635258E8AC4D0C417D054988F659

key128_3        0xA1801E602CD6107767C2D462E54F0852

key128_4        0x6F6ED96D01C47420C3432C4081171A4A

Usually we encrypt the ggsuser password with <encrypt_type>

encrypt_type = AES128, AES192,  AES256
Syntax # 

GGSCI> encrypt password <GOLDENGATE Password> <encrypt_type> ENCRYPTKEY <keyname> 

GGSCI (tnc1.localdomain) 2> encrypt password oracle aes128 encryptkey key128_2

Encrypted password:  AADAAAAAAAAAAAGAKHGAGDRIUAZDVENBDIJHSCIEVDFJCAFJUBXIQDEDXHLHIBHJPICCJILGSEOATIJJ

Algorithm used:  AES128

Testing database login from goldengate command line utility # ggsci >

GGSCI (tnc1.localdomain) 5> dblogin userid ggsuser password AADAAAAAAAAAAAGAKHGAGDRIUAZDVENBDIJHSCIEVDFJCAFJUBXIQDEDXHLHIBHJPICCJILGSEOATIJJ, encryptkey key128_2

Successfully logged into database.

STEP3 # copy ENKEYS file to source and Target goldengate homes  # 

--Nikhil Tatineni--

--Oracle in memory---