newEncryptionKey=key attribute

The newEncryptionKey=key attribute specifies a new external encryption key for an encrypted database.

All of the existing data in the database is encrypted using the new encryption key, and any new data written to the database will use this key for encryption. For more information about this attribute, see "Encrypting databases with a new external encryption key" in the Derby Security Guide.

The encryption key value must be a hexadecimal string at least 16 digits in length (8 bytes), and it must contain an even number of digits.

Combining with other attributes

The newEncryptionKey=key attribute must be combined with the encryptionKey=key attribute.

You cannot change the encryption provider or the encryption algorithm when you use the newEncryptionKey=key attribute.

For an existing encrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform reencryption. See "Configuring user authentication" and "Configuring user authorization" in the Derby Security Guide for more information.

After you change the encryption key, be sure to check for SQLWarnings. The change succeeded only if there were no SQLWarnings or SQLExceptions.

Example

-- specify a new encryption key for a database
jdbc:derby:salesdb;encryptionKey=6162636465666768;
    newEncryptionKey=6862636465666768
Parent topic: Setting attributes for the database connection URL