Oracle GoldenGate Tutorial, Part 3: Encryption (2)

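In userid, the plaintext password is replaced with the encrypted password, followed by the encryption type and the key name (ENCRYPTKEY);
ENCRYPTTRAIL specifies the encryption type and key name (KEYNAME) for the trail file.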

4.2 Configuring the Data Pump process

    GGSCI (sywu) 10> edit param PSYDB001

    extract psydb001
    SETENV(ORACLE_SID="sydb")
    SETENV (NLS_LANG=AMERICAN_AMERICA.AL32UTF8)
    userid ogg_owner,password AADAAAAAAAAAAAJANJBHVDBAGCCBOIUCTJHJVIOCVGBFSGNJFFAAGIOHBJNBWAPANGWILCPFGIXBOIXB aes128 encryptkey securekey1
    DECRYPTTRAIL aes128 KEYNAME securekey1
    RMTHOST sywu,mgrport 7909
    ENCRYPTTRAIL aes128 KEYNAME securekey1
    RMTTRAIL /u01/app/product/ogg_trg/dirdat/ps
    TABLE ogg_owner.togg;

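The Data Pump reads the trail data saved by the primary Extract process and can also operate on that data (filtering, calculations and other complex work), so after reading it must first decrypt the original data, then process it, and finally encrypt it again before sending it to the target;
DECRYPTTRAIL defines the encryption type and encryption key (KEYNAME) of the file to be decrypted;
ENCRYPTTRAIL defines the encryption type and encryption key (KEYNAME) for the data after final processing;
Note: the decryption type and keyname must be the same as those configured for the primary process.
Start the processes: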

    GGSCI (sywu as ogg_owner@sydb) 42> start *

    Sending START request to MANAGER ...
    EXTRACT ESYDB001 starting

    EXTRACT PSYDB001 is already running.

    GGSCI (sywu as ogg_owner@sydb) 43> info all

    Program     Status      Group       Lag at Chkpt  Time Since Chkpt

    MANAGER     RUNNING
    EXTRACT     RUNNING     ESYDB001    00:01:31      00:00:08
    EXTRACT     RUNNING     PSYDB001    00:00:00      116:02:26

5 Decryption configuration on the target

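On the target, the background Collector process receives the send request from the source and writes the data to the target trail file; the Replicat process then reads it, decrypts it, reconstructs the DML or DDL statements and applies them to the database. So if encryption is configured on the source, decryption must be configured on the target, and the decryption type and key must be the same as on the source. The steps are:

1 Send the ENCKEYS file created on the source to the GoldenGate root directory on the target

2 Configure decryption in the Replicat process

3 Restart the Replicat process

The source ENCKEYS file can be sent to the target with scp or by copy and paste; that step is omitted here.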

5.1 Configuring decryption in the Replicat process

    [oracle@sywu ~]$ tggsci

    Oracle GoldenGate Command Interpreter for Oracle
    Version 12.1.2.1.0 OGGCORE_12.1.2.1.0_PLATFORMS_140727.2135.1_FBO
    Linux, x64, 64bit (optimized), Oracle 11g on Aug 7 2014 09:14:25
    Operating system character set identified as UTF-8.

    Copyright (C) 1995, 2014, Oracle and/or its affiliates. All rights reserved.

    GGSCI (sywu) 1> edit param RSYDB001

    REPLICAT rsydb001
    SETENV(ORACLE_SID="sydb")
    SETENV (NLS_LANG=AMERICAN_AMERICA.AL32UTF8)
    USERID ogg_trg,password AADAAAAAAAAAAAHABDQFVJMADCAFECACYEPIQEJCFGDGMDHBRJXCUBOBQJEGLBPEBDMCOAACDILGAJKA &
    aes128,ENCRYPTKEY securekey1
    DISCARDFILE /u01/app/product/ogg_trg/discrd/reptr.desc,append,megabytes 512
    DECRYPTTRAIL AES128, KEYNAME securekey1
    ALLOWNOOPUPDATES
    ASSUMETARGETDEFS
    MAP OGG_OWNER.TOGG,target OGG_TRG.TOGG;

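DECRYPTTRAIL defines the encryption type and encryption key (KEYNAME) of the file to be decrypted; these must be the same as on the source.
With all of this configured, restart the Replicat process.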
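The requirement stated in 4.2 and 5.1, that each DECRYPTTRAIL type and keyname match the ENCRYPTTRAIL of the process that wrote the trail, can be checked before restarting. The following is an added example, not part of the original tutorial or of GoldenGate; the function names are hypothetical, the sample parameter files are constructed from the page's configuration, and the key name is compared exactly as written (an assumption).

```python
import re

def trail_crypto(param_text):
    """Map ENCRYPTTRAIL/DECRYPTTRAIL to (ALGORITHM, keyname) for one parameter file."""
    text = re.sub(r"&[ \t]*\n", " ", param_text)   # '&' continues a parameter line
    found = {}
    for line in text.splitlines():
        tokens = [t for t in re.split(r"[,\s]+", line.strip()) if t]
        if not tokens or tokens[0].upper() not in ("ENCRYPTTRAIL", "DECRYPTTRAIL"):
            continue
        upper = [t.upper() for t in tokens]
        alg = upper[1] if len(upper) > 1 and upper[1] != "KEYNAME" else None
        key = tokens[upper.index("KEYNAME") + 1] if "KEYNAME" in upper[:-1] else None
        found[upper[0]] = (alg, key)               # assumption: key name compared as written
    return found

def check_chain(stages):
    """stages: ordered (name, param_text) pairs, source to target. Returns problems found."""
    problems, prev = [], None
    for i, (name, text) in enumerate(stages):
        crypto = trail_crypto(text)
        dec, enc = crypto.get("DECRYPTTRAIL"), crypto.get("ENCRYPTTRAIL")
        if prev:
            prev_name, prev_enc = prev
            if prev_enc and dec != prev_enc:
                problems.append(f"{name}: DECRYPTTRAIL {dec} does not match "
                                f"ENCRYPTTRAIL {prev_enc} of {prev_name}")
        if i < len(stages) - 1 and enc is None:    # the last stage (Replicat) writes no trail
            problems.append(f"{name}: writes its trail without ENCRYPTTRAIL")
        prev = (name, enc)
    return problems

# Constructed sample files modelled on the page's configuration (credentials left out).
EXTRACT = ("extract esydb001\nENCRYPTTRAIL aes128 KEYNAME securekey1\n"
           "EXTTRAIL /u01/app/product/ogg_src/dirdat/es\n")
PUMP = ("extract psydb001\nDECRYPTTRAIL aes128 KEYNAME securekey1\n"
        "RMTHOST sywu,mgrport 7909\nENCRYPTTRAIL aes128 KEYNAME securekey1\n"
        "RMTTRAIL /u01/app/product/ogg_trg/dirdat/ps\n")
REPLICAT = ("REPLICAT rsydb001\nDECRYPTTRAIL AES128, KEYNAME securekey1\n"
            "MAP OGG_OWNER.TOGG,target OGG_TRG.TOGG;\n")
BAD_REPLICAT = REPLICAT.replace("securekey1", "securekey2")  # constructed mismatch

if __name__ == "__main__":
    for rep in (REPLICAT, BAD_REPLICAT):
        chain = [("ESYDB001", EXTRACT), ("PSYDB001", PUMP), ("RSYDB001", rep)]
        print(check_chain(chain) or "consistent")
```
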

6 Comparing unencrypted and encrypted trail files

6.1 Analysis of an unencrypted trail file

    [oracle@sywu ~]$ strings /u01/app/product/ogg_src/dirdat/es000004
    *uri:sywu::u01:app:product:ogg_src:ESYDB0016
    (/u01/app/product/ogg_src/dirdat/es0000047
    575523
    575169
    ,............................................
    Linux1
    sywu2
    2.6.32-431.23.3.el6.x86_643
    ##1 SMP Thu Jul 31 17:20:51 UTC 20144
    x86_642
    SYDB2
    sydb3
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
    PL/SQL Release 11.2.0.3.0 - Production
    CORE 11.2.0.3.0 Production
    TNS for Linux: Version 11.2.0.3.0 - Production
    NLSRTL Version 11.2.0.3.0 - Production
    11.2.0.3.09
    +08:003
    ESYDB0011
    AVersion 12.1.2.1.0 OGGCORE_12.1.2.1.0_PLATFORMS_140727.2135.1_FBO4
    ESYDB001Z
    OGG_OWNER.TOGG
    1003
    1900-01-01:00:00:00
    1900-01-01:00:00:00T
    AAADX2AAGAAAAA2AAA
    5755236
    2.138.127Z
    OGG_OWNER.TOGG
    1004
    sywu
    user
    1900-01-01:00:00:00
    1900-01-01:00:00:00T
    AAADX2AAGAAAAA2AAB

The trail file above comes from the previous, unencrypted test environment. The DML in question:

    OGG_OWNER@sydb>insert into togg(id,name)values(1003,'tt') ;

    1 row created.

    Elapsed: 00:00:00.00
    OGG_OWNER@sydb>insert into togg(id,name,type)values(1004,'sywu','user');

    1 row created.

    Elapsed: 00:00:00.01

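So without encryption, the newly inserted ids (1003, 1004) and rowids (AAADX2AAGAAAAA2AAA, AAADX2AAGAAAAA2AAB) are clearly visible.

6.2 Analysis of an encrypted trail file

Insert the following data on the source: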

    SYS@sydb>conn ogg_owner/ogg_owner
    Connected.
    OGG_OWNER@sydb>insert into togg(id,name,type)values(1005,'sywu','user');

    1 row created.

    Elapsed: 00:00:00.09
    OGG_OWNER@sydb>insert into togg(id,name,type)values(1006,'sywu','user');

    1 row created.

    Elapsed: 00:00:00.01
    OGG_OWNER@sydb>commit;

    Commit complete.

    Elapsed: 00:00:00.00
