OracleGoldenGate tutorial 3. Encryption

Since last week, I have spent a lot of time reading the official GoldenGate documents in my spare time and learn more about GoldenGate based on the practices. The following is an overview of GoldenGate.

Since last week, I have spent a lot of time reading the official GoldenGate documents in my spare time and learn more about GoldenGate based on the practices. The following is an overview of GoldenGate.

Read navigation

Before you start

Since last week, I have spent a lot of time reading the GoldenGate official documents in my spare time and learn more about GoldenGate based on the practices of this document. The following is a summary of GoldenGate's learning content based on the official documents:

Oracle GoldenGate tutorial 1: Introduction and Installation

Oracle GoldenGate tutorial 2. Configuration and usage

In [us] motymo J. in the Book [How to Read a Book] written by Charles Van dorun, the author emphasizes that if you cannot describe or remember what you learn every day in your own language, it means that you have not actually learned and understood what you learned, so after that, I changed my learning style and changed my new learning style to describing and memorizing my knowledge in my own language and understanding. there are mistakes in the description. Please forgive me, thank you for your guidance!

1. Encryption Application Scenario 2. Encryption Algorithm 3 provided by GoldenGate generates a key

You must generate a key and save it in the ENCKEYS LookUp file before using the following functions:

Generate key
Switch to the GoldenGate home directory and use the KEYGEN tool to generate the key. Syntax:

./Keygen>

Key length indicates the length of the encryption key;
N indicates the number of keys generated;

[Oracle @ sywu ogg_src] $./keygen 128 quit

Each generated key is different. After the key is generated, define a name (keyName) for each key and copy it to the ENCKEYS file in the root directory of GoldenGate home. The ENCKEYS file is a lookup file.
Save the key to the ENCKEYS File

[Oracle @ sywu ogg_src] $ vim ENCKEYS # GoldenGate encryption key # keyNamekeysecurekey1 0x71DF8D01C352097FC76BBA31232DA95A

Encrypt the password using the key in the GGSCI command line

GGSCI (sywu) 8> encrypt password ogg_owner aes128 encryptkey encrypted password: Encrypted used: AES128GGSCI (sywu) 9> encrypt password ogg_owner aes128 encryptkey encrypted password: Encrypted used: AES128

After the password is encrypted, you can use dblogin to log on to the database and verify the password.

GGSCI (sywu as ogg_owner @ sydb) 11> dblogin userid ogg_owner, password authentication aes128 encryptkey securekey1Successfully logged into database.

Note: because the length of the key is specified when the key is created, the length of the encryption key must be consistent.

4. source encryption Configuration

Configure master extraction process encryption and Data Pump process encryption on the source end.

4.1 configure the master extraction process GGSCI (sywu as ogg_owner @ sydb) 31> EDIT PaRAM ESYDB001extract extract (ORACLE_SID = "sydb") SETENV (NLS_LANG = login) userid ogg_owner, password keys & aes128, ENCRYPTKEY securekey1ENCRYPTTRAIL aes128, KEYNAME securekey1EXTTRAIL/u01/app/product/ogg_src/dirdat/estable ogg_owner.togg;

In userid, the password is replaced by the original plaintext with the encrypted password, and the encryption type and key name (ENCRYPTKEY) are specified later );
ENCRYPTTRAIL specifies the encryption type and key name (KEYNAME) of the trail file );

4.2 configure Data Pump process GGSCI (sywu) 10> edit param PSYDB001extract psydb001SETENV (ORACLE_SID = "sydb") SETENV (NLS_LANG = AMERICAN_AMERICA.AL32UTF8) userid ogg_owner, password Encryption aes128 encryptkey encryption aes128 KEYNAME authentication sywu, mgrport 7909 ENCRYPTTRAIL aes128 KEYNAME securekey1RMTTRAIL/u01/app/product/ogg_trg/dirdat/psTABLE ogg_owner.togg;

Because Data Pump needs to read the Data in the trail file stored by the master extraction process and provides Data operation functions such as filtering and computation, therefore, after reading the data, you must first decrypt the original data and then process it, and then encrypt and send it to the target end again;
DECRYPTTRAIL defines the encryption type and key (KEYNAME) of the file to be decrypted );
ENCRYPTTRAIL defines the final data encryption type and encryption key (KEYNAME );
Note: The decryption type and keyname must be the same as that configured by the master process.
Start Process

GGSCI (sywu as ogg_owner @ sydb) 42> start * Sending START request to MANAGER... EXTRACT ESYDB001 startingEXTRACT PSYDB001 is already running. GGSCI (sywu as ogg_owner @ sydb) 43> info allProgramStatusGroupLag at Chkpt Time Since 000000: 01: 3100: 00: 08EXTRACTRUNNINGPSYDB001 00: 00: 00116: 02: 26 5 target end decryption Configuration

After receiving a request from the source end, the target Background Collector process writes the data to the target trail file, and then the replicat process reads, decrypts, and restructured dml or ddl statements to apply to the database, so if the source end is configured with encryption, the target end must perform decryption configuration, and the decryption type and key must be the same as the source end. Operation steps:

Send the source ENCKEYS file to the target end. You can copy and paste the file to the target end. This operation is omitted.

5.1 Replicat Process configuration decryption operation [oracle @ sywu ~] $ TggsciOracle GoldenGate Command Interpreter for OracleVersion 12.1.2.1.0 runtime, x64, 64bit (optimized), Oracle 11g on Aug 7 2014 09: 14: 25 Operating system character set identified as UTF-8.Copyright (C) 1995,201 4, Oracle and/or its affiliates. all rights reserved. GGSCI (sywu) 1> edit param RSYDB001REPLICAT rsydb001SETENV (ORACLE_SID = "sydb") SETENV (NLS_LANG = login) USERID ogg_trg, password login & aes128, ENCRYPTKEY securekey1DISCARDFILE/u01/app/product/ogg_trg/discrd/reptr. desc, append, megabytes 512 DECRYPTTRAIL AES128, KEYNAME securekey1ALLOWNOOPUPDATESASSUMETARGETDEFSMAP OGG_OWNER.TOGG, target OGG_TRG.TOGG;