encryptionAlgorithm=algorithm attribute

The encryptionAlgorithm=algorithm attribute specifies the algorithm for data encryption.

Use the Java conventions when you specify the algorithm. For example:

algorithmName/feedbackMode/padding

The only padding type that is allowed with Derby is NoPadding.

If no encryption algorithm is specified, the default value is DES/CBC/NoPadding.

For information about data encryption, see "Configuring database encryption" in the Derby Security Guide.

Combining with other attributes

The encryptionAlgorithm=algorithm attribute must be combined with the dataEncryption=true attribute and with either the bootPassword=key attribute or the encryptionKey=key attribute. You can also use the encryptionProvider=providerName attribute to specify the encryption provider of the algorithm.

For an existing database for which authentication and SQL authorization are both enabled, only the database owner can perform encryption or reencryption. See "Configuring user authentication" and "Configuring user authorization" in the Derby Security Guide for more information.

Examples

-- encrypt a new database
jdbc:derby:encryptedDB;create=true;dataEncryption=true;
    encryptionProvider=com.sun.crypto.provider.SunJCE;
    encryptionAlgorithm=DESede/CBC/NoPadding;
    bootPassword=cLo4u922sc23aPe
-- configure an existing database for encryption 
jdbc:derby:salesdb;dataEncryption=true; 
    encryptionProvider=com.sun.crypto.provider.SunJCE; 
    encryptionAlgorithm=DESede/CBC/NoPadding; 
    bootPassword=cLo4u922sc23aPe
Note: If the specified provider does not support the specified algorithm, Derby returns an exception.
Parent topic: Setting attributes for the database connection URL