dataEncryption=true attribute

Function

Specifies data encryption on disk for a new database or to configure an existing unencrypted database for encryption. For information about data encryption, see "Encrypting databases on disk" in the Derby Developer's Guide.

Combining with other attributes

The dataEncryption=true attribute must be combined with either the bootPassword=key attribute or the encryptionKey=key attribute.

With either bootPassword=key or encryptionKey=key, you have the option of also specifying the encryptionProvider=providerName, encryptionAlgorithm=algorithm, and/or encryptionKeyLength=length attributes.

An encryption key and a boot password use different storage mechanisms, so if, for example, you create a database using a boot password, you must continue to specify a boot password when you boot the database; you cannot switch to an encryption key. You can change either the boot password or the encryption key by specifying newBootPassword=newPassword or newEncryptionKey=key.

For an existing, unencrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform encryption. See also "Enabling user authentication" and "Setting the SQL standard authorization mode" in the Derby Developer's Guide for more information.

Examples

-- encrypt a new database
jdbc:derby:encryptedDB;create=true;dataEncryption=true;
    bootPassword=cLo4u922sc23aPe
-- configure an existing unencrypted database for encryption 
jdbc:derby:salesdb;dataEncryption=true;bootPassword=cLo4u922sc23aPe