Encrypting databases on creation
You configure a Derby database for encryption when you create the database by specifying attributes on the connection URL.
Encrypting an existing unencrypted database
You can encrypt an unencrypted Derby database by specifying attributes on the connection URL when you boot the database. The attributes that you specify depend on how you want the database encrypted.
Creating a boot password
When you encrypt a database, you usually specify a boot password, which is an alphanumeric string used to generate the encryption key. (You can also specify an encryption key directly.)
Encrypting databases with a new key
You can apply a new encryption key to a Derby database by specifying a new boot password or a new external key.
Booting an encrypted database
If you create an encrypted database using the bootPassword=key attribute, you must specify the boot password to reboot the database. If you create an encrypted database using the encryptionKey=key attribute, you must specify the encryption key to reboot the database.
Decrypting an encrypted database
You can return an encrypted database to an unencrypted state by specifying attributes on the connection URL.