encryptionKey=key attribute

Function

Specifies the external key to use to:
  • Encrypt a new database
  • Configure an existing unencrypted database for encryption
  • Boot an existing encrypted database
Your application must provide the encryption key.

Combining with other attributes

When creating a new database, you must combine the encryptionKey attribute with the create=true and dataEncryption=true attributes.

When you configure an existing unencrypted database for encryption, the encryptionKey attribute must be combined with the dataEncryption=true attribute. For an existing, unencrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform encryption. Please see "Enabling user authentication" and "Setting the SQL standard authorization mode" in the Derby Developer's Guide for more information.

When booting an existing encrypted database, you must also specify the encryptionAlgorithm attribute if the algorithm that was used when the database was created is not the default algorithm.

The default encryption algorithm used by Derby is DES/CBC/NoPadding.

Examples

Example of a JDBC URL that creates a new encrypted database:

jdbc:derby:newDB;create=true;dataEncryption=true;
   encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768
Example of a JDBC URL that configures an existing unencrypted database for encryption:
jdbc:derby:salesdb;dataEncryption=true;encryptionKey=6162636465666768
Example of a JDBC URL that boots an encrypted database:
jdbc:derby:encryptedDB;encryptionKey=6162636465666768