Enabling the encrypted user ID and password security mechanism

To use the encrypted user ID and password security mechanism, you need IBM JCE (Java Cryptography Extension) 1.2.1 or later. You can use it with any version of IBM or Sun's Java??? 2 Platform, Standard Edition, Version 1.2 (J2SE).

IBM Developer Kit for the Java Platform 1.4 or later comes with IBM JCE, so you do not need to install IBM JCE separately. If you have an earlier version of IBM Developer Kit for the Java Platform or other Software Development Kits, complete the following steps:

  1. Copy the following IBM JCE jar files to the jre/lib/ext directory of the IBM SDK's installation home:
    • ibmjceprovider.jar
    • ibmjcefw.jar
    • ibmpkderby.jar
    • ibmpkcs11.jar
  2. Modify the java.security file in the jre/lib/security directory. In the section that lists providers (and preference order), replace the text with: 
    security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
    Note: If you are installing the IBM JCE on a Sun Java Development Kit, you must specify both of these lines in the order shown.
  3. To use the encrypted user id and password security mechanism during JDBC connection using the network client, specify the securityMechanism in the connection property. If an encrypted database is booted in the Network Server, users can connect to the database without giving the bootPassword. The first connection to the database must provide the bootPassword, but all subsequent connections do not need to supply it. To remove access from the encrypted database, use the shutdown=true option to shut down the database.
Parent topic: User authentication differences
Related concepts
Network Server user authentication when user authentication is on in Derby
Network Server user authentication when user authentication is off in Derby