Creating a boot password

When you encrypt a database you usually specify a boot password, which is an alphanumeric string used to generate the encryption key. (You can also specify an encryption key directly.)

The length of the encryption key depends on the algorithm used:

Note: The boot password should have at least as many characters as number of bytes in the encryption key (56 bits=8 bytes, 168 bits=24 bytes, 128 bits=16 bytes). The minimum number of characters for the boot password allowed by Derby is eight.

It is a good idea not to use words that would be easily guessed, such as a login name or simple words or numbers. A boot password, like any password, should be a mix of numbers and uppercase and lowercase letters.

You turn on and configure encryption and specify the corresponding boot password on the connection URL for a database when you create it:

jdbc:derby:encryptionDB1;create=true;dataEncryption=true;
bootPassword=clo760uds2caPe
Note: If you lose the boot password and the database is not currently booted, you will not be able to connect to the database anymore. (If you know the current boot password, you can change it. See Encrypting databases with a new key.)
Related concepts
Encrypting databases on creation
Booting an encrypted database