Derby supports the following encryption algorithms.
For example, the algorithm Blowfish implemented in the Java Cryptography Extension (JCE) packages (javax.crypto.*) fulfills these requirements.
By Java convention, an encryption algorithm is specified like this:
algorithmName/feedbackMode/padding
The only feedback modes allowed are:
The only padding mode allowed is NoPadding.
By default, Derby uses the DES algorithm of DES/CBC/NoPadding.
To specify an alternate encryption algorithm when you create a database, use the encryptionAlgorithm=algorithm attribute. If the algorithm you specify is not supported by the provider you have specified, Derby throws an exception.
To specify the AES encryption algorithm with a key length other than the default of 128, specify the encryptionKeyLength attribute. For example, you might specify the following connection attributes:
jdbc:derby:encdbcbc_192;create=true;dataEncryption=true; encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding; bootPassword=Thursday
To use the AES algorithm with a key length of 192 or 256, you must use unrestricted policy jar files for your JRE. You can obtain these files from your Java provider. They might have a name like "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files." If you specify a non-default key length using the default policy jar files, a Java exception occurs.