db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r777141 - /db/derby/docs/trunk/src/devguide/cdevcsecure67151.dita
Date Thu, 21 May 2009 14:56:05 GMT
Author: chaase3
Date: Thu May 21 14:56:05 2009
New Revision: 777141

URL: http://svn.apache.org/viewvc?rev=777141&view=rev
Log:
DERBY-4229: encryptionKeyLength connection attribute should be documented
DERBY-2821: emphasize that derby encryption only supports NoPadding option

Updated "Specifying an alternate encryption algorithm" topic to fix two issues.

Patch: DERBY-4229.diff

Modified:
    db/derby/docs/trunk/src/devguide/cdevcsecure67151.dita

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure67151.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure67151.dita?rev=777141&r1=777140&r2=777141&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure67151.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure67151.dita Thu May 21 14:56:05 2009
@@ -50,11 +50,25 @@
 <li>ECB</li>
 <li>OFB</li>
 </ul>
+<p>The only padding mode allowed is <i>NoPadding</i>.</p>
 <p>By default, <ph conref="../conrefs.dita#prod/productshortname"></ph>
uses
 the DES algorithm of <i>DES/CBC/NoPadding</i>.</p>
-<p>Specify an alternate encryption algorithm when you create a database with
+<p>To specify an alternate encryption algorithm when you create a database, use
 the <i>encryptionAlgorithm=algorithm</i> attribute. If the algorithm you specify
 is not supported by the provider you have specified, <ph conref="../conrefs.dita#prod/productshortname"></ph>
throws
 an exception.</p>
+<p>To specify the AES encryption algorithm with a key length other than the
+default of 128, specify the <i>encryptionKeyLength</i> attribute. For example,
+you might specify the following connection attributes:</p>
+<codeblock>
+jdbc:derby:encdbcbc_192;create=true;dataEncryption=true;
+encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding;
+bootPassword=Thursday
+</codeblock>
+<p>To use the AES algorithm with a key length of 192 or 256, you must use 
+unrestricted policy jar files for your JRE. You can obtain these files from your
+Java provider. They might have a name like "Java Cryptography Extension (JCE)
+Unlimited Strength Jurisdiction Policy Files." If you specify a non-default key
+length using the default policy jar files, a Java exception occurs.</p>
 </conbody>
 </concept>



Mime
View raw message