When you encrypt a database you must also specify a boot password, which is an alpha-numeric string used to generate the encryption key.
The length of the encryption key depends on the algorithm used:
It is a good idea not to use words that would be easily guessed, such as a login name or simple words or numbers. A bootPassword, like any password, should be a mix of numbers and upper- and lowercase letters.
You turn on and configure encryption and specify the corresponding boot password on the connection URL for a database when you create it:
jdbc:derby:encryptionDB1;create=true;dataEncryption=true; bootPassword=clo760uds2caPe