Oracle GoldenGate 数据加密

来源：互联网发布：无名体育淘宝编辑：程序博客网时间：2024/04/30 05:46

GoldenGate 数据加密包括

Data encryption
缺省无数据加密
使用CounterPane的Blowfish对称加密算法,Collector在保存数据到队列之前自动执行解压缩

可以使用密钥对于参数文件中的密码进行加密
可以使用缺省密钥加密
可以使用自定义密钥加密

ggsci中提供了密码加密的命令 ENCRYPT PASSWORD
可以使用缺省密钥或者自定义密钥.
如果使用自定义密钥，则它必须存在于ENCKEYS文件中.

使用缺省密钥

GGSCI (testdb) 2> ENCRYPT PASSWORD ggadminNo KEY specified, USING DEFAULT KEY...Encrypted password:  AACAAAAAAAAAAAHAKCUIXDBIVBKDBCGJ

测试使用密钥登陆

GGSCI (testdb) 3> dblogin userid ggadmin, password AACAAAAAAAAAAAHAKCUIXDBIVBKDBCGJ, encryptkey DEFAULTSuccessfully logged INTO DATABASE.GGSCI (testdb) 4>

当然你也可以使用明文密码登陆

GGSCI (testdb) 3> dblogin userid ggadmin, password ggadminSuccessfully logged INTO DATABASE.GGSCI (testdb) 4>

在参数文件中配置密钥

GGSCI (testdb) 6> VIEW params eorajjEXTRACT EORAJJUSERID GGADMIN, PASSWORD AACAAAAAAAAAAAHAKCUIXDBIVBKDBCGJ, encryptkey DEFAULTRMTHOST 192.168.106.161, MGRPORT 7809 RMTTRAIL /u01/app/oracle/goldengate/dirdat/jj TABLE GGUSER.T_RSYNC;GGSCI (testdb) 7>

指定密钥加密

使用keygen生成key

-bash-3.2$ pwd/u01/app/oracle/goldengate-bash-3.2$ keygen 128 40x3F75005FC121AC2D80A9E913B2A2A54A0x19F3CC3EA14A8A726B26356DE9FDDD0A0xF370991E8273683757A380461F59164B0xCCEE657E629C467C4320CC1F56B44E0B-bash-3.2$

保存密钥,创建ENCKEYS文件,key name可以随便指定

-bash-3.2$ cat ENCKEYS securekey1 0x3F75005FC121AC2D80A9E913B2A2A54Asecurekey2 0x19F3CC3EA14A8A726B26356DE9FDDD0Asecurekey3 0xF370991E8273683757A380461F59164Bsecurekey4 0xCCEE657E629C467C4320CC1F56B44E0B-bash-3.2$ pwd/u01/app/oracle/goldengate-bash-3.2$

将ENCKEYS文件传递到目标端

-bash-3.2$ scp ENCKEYS oracle@192.168.106.161:/u01/app/oracle/goldengate/The authenticity OF host '192.168.106.161 (192.168.106.161)' can't be established.RSA key fingerprint is 49:6e:da:ca:df:96:69:a4:e7:b1:2f:5a:a1:e8:18:0f.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.106.161' (RSA) to the list of known hosts.oracle@192.168.106.161's password: ENCKEYS              100% |******************************************************************************************************************************|   184       00:00    -bash-3.2$

加密数据库密码

GGSCI (testdb) 2> encrypt password ggadmin encryptkey securekey1Encrypted password:  AACAAAAAAAAAAAHAFDKJDFNHVATFGGTBGGSCI (testdb) 3>

GGSCI (testdb) 3> dblogin userid ggadmin, password AACAAAAAAAAAAAHAFDKJDFNHVATFGGTB encryptkey securekey1Successfully logged INTO DATABASE.

源端参数文件配置

GGSCI (testdb) 5> VIEW params eorajjEXTRACT EORAJJUSERID GGADMIN, PASSWORD AACAAAAAAAAAAAHAFDKJDFNHVATFGGTB, encryptkey securekey1RMTHOST 192.168.106.161, MGRPORT 7809 RMTTRAIL /u01/app/oracle/goldengate/dirdat/jj TABLE GGUSER.T_RSYNC;GGSCI (testdb) 6>

目标端参数文件配置

GGSCI (joy.localdomain) 15> dblogin userid ggadmin, password AACAAAAAAAAAAAHAFDKJDFNHVATFGGTB, encryptkey securekey1Successfully logged INTO DATABASE.GGSCI (joy.localdomain) 16> VIEW params rorajjREPLICAT RORAJJUSERID GGADMIN, PASSWORD AACAAAAAAAAAAAHAFDKJDFNHVATFGGTB, encryptkey securekey1HANDLECOLLISIONSASSUMETARGETDEFSDISCARDFILE /u01/app/oracle/goldengate/dirrpt/RORAJJ.DSC, PURGEMAP GGUSER.T_RSYNC, TARGET GGTARGET.T_ISRSYNC;GGSCI (joy.localdomain) 17>