encryptionKey=key attribute

The encryptionKey=key attribute specifies an external encryption key.

The attribute specifies the external key to use to:
  • Encrypt a new database
  • Configure an existing unencrypted database for encryption
  • Boot an existing encrypted database
Your application must provide the encryption key. The encryption key value must be a hexadecimal string at least 16 digits in length (8 bytes), and it must contain an even number of digits.

For information about data encryption, see "Configuring database encryption" in the Derby Security Guide.

Combining with other attributes

When creating a new database, you must combine the encryptionKey=key attribute with the create=true and dataEncryption=true attributes.

When you configure an existing unencrypted database for encryption, the encryptionKey=key attribute must be combined with the dataEncryption=true attribute. For an existing, unencrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform encryption. See "Configuring user authentication" and "Configuring user authorization" in the Derby Security Guide for more information.

The encryptionKey=key attribute can optionally be combined with the encryptionProvider=providerName, encryptionAlgorithm=algorithm, and/or encryptionKeyLength=length attributes.

Examples

-- create a new encrypted database
jdbc:derby:newDB;create=true;dataEncryption=true;
   encryptionKey=6162636465666768
-- configure an existing unencrypted database for encryption
jdbc:derby:salesdb;dataEncryption=true;encryptionKey=6162636465666768
-- boot an encrypted database
jdbc:derby:encryptedDB;encryptionKey=6162636465666768