Implement NaCL encryption - connect_cdc_sqdata - Latest

Connect CDC (SQData) Change Data Capture

Product type
Software
Portfolio
Integrate
Product family
Connect
Product
Connect > Connect CDC (SQData)
Version
Latest
Language
English
Product name
Connect CDC (SQData)
Title
Connect CDC (SQData) Change Data Capture
Copyright
2024
First publish date
2000
Last updated
2024-11-25
Published on
2024-11-25T15:05:48.570404

Connect CDC (SQData) provides for encryption by the Publisher using the same NaCl Public / Private Key used for authentication and authorization. While Captures and Publishers are typically initiated by the same USER_ID as the Capture Controller Daemon, those jobs explicitly identify the public / private key pair files in JCL DD statements. Precisely recommends that a second NACL Key pair is generated for the Capture / Publisher. A second authorized Key List will also be required by the Capture / Publisher containing the public keys for only those Engines subscribing to that Capture / Publisher and whose payload will be encrypted. Once the Controller Daemon passes the connection request to the Capture / Publisher a second handshake will be performed with the Engine and the CDC payload will be encrypted before being published and decrypted by the receiving Engine.

Syntax
$ sqdconf create <cab_file_name>
[--encryption | --no-encryption]
 [--auth-keys-list="<name>"]
Keyword and Parameter Descriptions
Keyword Description
<cab_file_name>

This is where the Capture Agent configuration file, including its path is first created. There is only one CAB file per Capture Agent. In our example /home/sqdata/udbcdc/udbcdc.cab

[--encryption | --no-encryption]

Enables or disables NaCL encryption of the published CDC record payload.

[--auth-keys-list="<name>"]

Required for NaCL encrypted CDC record payload. File name must be enclosed in quotes and must contain public key(s) of only the subscribing Engines requiring encryption of the CDC record payload. See --encryption option.

Example 1

Turn on encryption
$ sqdconf modify /home/sqdata/udbcdc/udbcdc.cab 
--encryption 
 --auth-keys-list="nacl_auth_keys"

Stop and restart the Db2/LUW (UDB) Capture Agent.

Example 2

Turn off encryption
$ sqdconf modify /home/sqdata/udbcdc/udbcdc.cab 
--no-encryption 

Stop and restart the Db2/LUW (UDB) Capture Agent.