encryptionKeyLength=length attribute

The encryptionKeyLength=length attribute specifies the number of bits in the encryption key to be generated when a database is encrypted with the bootPassword=key attribute.

See bootPassword=key attribute for details.

The default encryption key length is 128.

You need to specify encryptionKeyLength=length only if all of the following circumstances apply:
  • You are specifying a non-default encryption algorithm (the default is DES).
  • The encryption algorithm you are specifying allows for more than one key length.
  • You want to use a non-default key length.

For information about data encryption, see "Configuring database encryption" in the Derby Security Guide.

Combining with other attributes

The encryptionKeyLength=length attribute can be combined with either the bootPassword=key attribute or the encryptionKey=key attribute (although it is redundant if you use encryptionKey=key).

The encryptionKeyLength=length attribute may also be combined with the encryptionProvider=providerName and/or encryptionAlgorithm=algorithm attributes.

If you use encryptionKeyLength=length with encryptionKey=key, the key you specify must have the length you specify.

Examples

-- create a new, encrypted database
jdbc:derby:newDB;create=true;dataEncryption=true;
    encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding;
    bootPassword=Thursday
-- configure an existing unencrypted database for encryption
jdbc:derby:myDB;dataEncryption=true;
    encryptionKeyLength=168;encryptionAlgorithm=DESede/CBC/NoPadding;
    bootPassword=Wednesday
Note: If the specified algorithm does not support the specified encryption key length, Derby returns an exception.