Saturday 21 October 2017

GoldenGate Encrypt Password using Keygen Utility

Introduction 

Keygen is the utility that generates one or more encryption keys. These keys can be used to encrypt the password provided in a GoldenGate parameter file. This provides enhanced security and protects the password information stored in the parameter files.

Generate ENCKEYS using the Keygen utility

Syntax

KEYGEN key_length n
key_length :- encryption key length (up to 128 bits)
n :- the number of keys to generate

Run the Keygen Utility

Step 1:- Invoke the Keygen Utility
[oracle@prim goldengate]$ ./keygen  128 4
0x453302332121116F655BB7529DD7F839

0x20D79B2348B03674E5FB2B52360A7510

0xA5253014E1227540100E2D1D4AA09104

0x80C9C90408B29A4590AEA11CE2D20D5B

Step 2:- Now save this output in the ENCKEYS file, giving each key a name. The contents of the file must look like this:

[oracle@prim goldengate]$ cat ENCKEYS 
enc_key1 0x453302332121116F655BB7529DD7F839
enc_key2 0x20D79B2348B03674E5FB2B52360A7510
enc_key3 0xA5253014E1227540100E2D1D4AA09104
enc_key4 0x80C9C90408B29A4590AEA11CE2D20D5B
[oracle@prim goldengate]$

Note :- This ENCKEYS file needs to be copied to all the GoldenGate target servers, else data replication may break.

Step 3:- Generate the encrypted password

GGSCI (prim.localdomain) 7> encrypt password ggowner ENCRYPTKEY enc_key1
Encrypted password:  AADAAAAAAAAAAAHAQFVFMCVEOBVHXIAAPFGGVJYEXFGILEDDADJHHIMIDHREUCQGXIOEXBWFVAWHGEYH
Algorithm used:  AES128

GGSCI (prim.localdomain) 8>

Step 4:- Now test the password and verify

GGSCI (prim.localdomain) 9> dblogin USERID GGOWNER, PASSWORD AADAAAAAAAAAAAHAQFVFMCVEOBVHXIAAPFGGVJYEXFGILEDDADJHHIMIDHREUCQGXIOEXBWFVAWHGEYH, encryptkey enc_key1
Successfully logged into database.

GGSCI (prim.localdomain as GGOWNER@GGDB01) 10>

Step 5:- Add the encrypted password to the GoldenGate parameter file

GGSCI (prim.localdomain as GGOWNER@GGDB01) 20> view params GGEXT01

EXTRACT GGEXT01
USERID GGOWNER, PASSWORD AADAAAAAAAAAAAHAQFVFMCVEOBVHXIAAPFGGVJYEXFGILEDDADJHHIMIDHREUCQGXIOEXBWFVAWHGEYH, encryptkey enc_key1
DISCARDFILE /u01/app/oracle/product/11.2.0/goldengate/dirrpt/ggext01.dsc
EXTTRAIL /u01/app/oracle/product/11.2.0/goldengate/dirdat/lt
TABLE GGOWNER.EMPLOYEE;

GGSCI (prim.localdomain as GGOWNER@GGDB01) 21>
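
Steps 1 and 2 can be scripted so the ENCKEYS file is built straight from the keygen output. The following is an added example, not part of the original post: the function names, the default `enc_key` prefix (taken from the listing in Step 2) and the owner-only file mode are choices made for this example.

```shell
# Keygen output copied from Step 1 of the post (blank lines included).
SAMPLE_KEYGEN_OUTPUT='0x453302332121116F655BB7529DD7F839

0x20D79B2348B03674E5FB2B52360A7510

0xA5253014E1227540100E2D1D4AA09104

0x80C9C90408B29A4590AEA11CE2D20D5B'

# format_enckeys [prefix]
# Reads keygen output on stdin and prints "<prefix><n> <key>" lines.
# Blank lines are skipped; a line that is not 0x followed by 32 hex
# digits (a 128-bit key) stops processing with a non-zero status.
format_enckeys() {
    prefix=${1:-enc_key}
    awk -v prefix="$prefix" '
        { gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        !/^0x[0-9A-Fa-f]+$/ || length($0) != 34 {
            printf "line %d: not a 128-bit hex key\n", NR > "/dev/stderr"
            bad = 1; exit
        }
        { printf "%s%d %s\n", prefix, ++n, $0 }
        END { if (bad || n == 0) exit 1 }
    '
}

# write_enckeys <file> [prefix]
# Usage (from the GoldenGate home): ./keygen 128 4 | write_enckeys ENCKEYS
# The file holds the keys in clear text, so it is written owner-only and
# replaces <file> only when every input line validated.
write_enckeys() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if format_enckeys "${2:-enc_key}" > "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# enckeys_is_private <file>: true when group and others have no access.
enckeys_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

`enckeys_is_private` can also be run against the copies of ENCKEYS placed on the target servers.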