Connect CDC (SQData) provides for encryption by the Publisher using the same NaCl Public / Private Key used for authentication and authorization. While Captures and Publishers are typically initiated by the same USER_ID as the Capture Controller Daemon, those jobs explicitly identify the public / private key pair files in JCL DD statements. Precisely recommends that a second NaCl Key pair be generated for the Capture / Publisher. A second authorized Key List will also be required by the Capture / Publisher, containing the public keys for only those Engines subscribing to that Capture / Publisher and whose payload will be encrypted. Once the Controller Daemon passes the connection request to the Capture / Publisher, a second handshake will be performed with the Engine, and the CDC payload will be encrypted before being published and decrypted by the receiving Engine.
$ sqdconf create <cab_file_name>
    [--encryption | --no-encryption]
    [--auth-keys-list="<name>"]
Keyword | Description |
---|---|
<cab_file_name> | This is where the Capture Agent configuration file, including its path, is first created. There is only one CAB file per Capture Agent. In our example, /home/sqdata/oracdc/oracdc.cab |
[--encryption \| --no-encryption] | Enables or disables NaCl encryption of the published CDC record payload. |
[--auth-keys-list="<name>"] | Required for NaCl encrypted CDC record payload. The file name must be enclosed in quotes, and the file must contain the public key(s) of only the subscribing Engines requiring encryption of the CDC record payload. See the --encryption option. |
Example 1
$ sqdconf modify /home/sqdata/oracdc1/oracdc1.cab \
    --encryption \
    --auth-keys-list="nacl_auth_keys"
Stop and restart the Oracle Capture Agent.
Example 2
$ sqdconf modify /home/sqdata/oracdc1/oracdc1.cab \
    --no-encryption
Stop and restart the Oracle Capture Agent.
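Before enabling --encryption as in Example 1, it is worth confirming that the key list holds the public keys of only the intended Engines. The following shell function is an added example, not part of the Connect CDC product or its documentation; the one-key-per-line file layout and the approved_engine_keys reference file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Precisely code): audit a Capture / Publisher key list.
# ASSUMPTION: each non-blank, non-# line holds one Engine public key in its
# first whitespace-separated field; adapt keys_of() to your real file layout.
LC_ALL=C; export LC_ALL

# Print the key field of every key line, in file order.
keys_of() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# audit_key_list KEYLIST APPROVED
#   KEYLIST  - file passed to --auth-keys-list
#   APPROVED - hypothetical file you maintain: public keys of the Engines
#              that subscribe to this Capture / Publisher with encryption
# Prints one finding per line; returns 0 when clean, 1 on findings,
# 2 when a file cannot be read or a temporary file cannot be created.
audit_key_list() {
    keylist=$1; approved=$2; findings=0
    for f in "$keylist" "$approved"; do
        [ -r "$f" ] || { echo "ERROR unreadable: $f"; return 2; }
    done
    k=$(mktemp) || return 2; a=$(mktemp) || { rm -f "$k"; return 2; }
    keys_of "$keylist" | sort -u > "$k"
    keys_of "$approved" | sort -u > "$a"

    # Keys in the list that belong to no approved Engine.
    for key in $(comm -23 "$k" "$a"); do
        echo "UNEXPECTED $key"; findings=1
    done
    # Approved Engines that are absent from the list.
    for key in $(comm -13 "$k" "$a"); do
        echo "MISSING $key"; findings=1
    done
    # Duplicate entries make the list harder to review.
    for key in $(keys_of "$keylist" | sort | uniq -d); do
        echo "DUPLICATE $key"; findings=1
    done
    # Anyone who can write the list can authorize their own key.
    if [ -n "$(find "$keylist" \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $keylist is group- or world-writable"; findings=1
    fi
    rm -f "$k" "$a"
    return $findings
}
```

Run it as `audit_key_list nacl_auth_keys approved_engine_keys`; no output and a zero exit status mean the list matches the approved set.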