Return-Path: Delivered-To: apmail-db-derby-commits-archive@www.apache.org Received: (qmail 55526 invoked from network); 21 May 2009 15:08:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 21 May 2009 15:08:15 -0000 Received: (qmail 26765 invoked by uid 500); 21 May 2009 15:08:28 -0000 Delivered-To: apmail-db-derby-commits-archive@db.apache.org Received: (qmail 26712 invoked by uid 500); 21 May 2009 15:08:28 -0000 Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: "Derby Development" List-Id: Delivered-To: mailing list derby-commits@db.apache.org Received: (qmail 26703 invoked by uid 99); 21 May 2009 15:08:28 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 May 2009 15:08:28 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 May 2009 15:08:26 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 4863623888E5; Thu, 21 May 2009 15:08:06 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r777148 - /db/derby/docs/branches/10.5/src/devguide/cdevcsecure67151.dita Date: Thu, 21 May 2009 15:08:06 -0000 To: derby-commits@db.apache.org From: chaase3@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090521150806.4863623888E5@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: chaase3 Date: Thu May 21 15:08:05 2009 New Revision: 777148 URL: http://svn.apache.org/viewvc?rev=777148&view=rev Log: DERBY-4229: encryptionKeyLength connection attribute should be documented DERBY-2821: emphasize that derby encryption only supports NoPadding option Merged DERBY-4229.diff to 10.5 docs branch from trunk revision 777141. Modified: db/derby/docs/branches/10.5/src/devguide/cdevcsecure67151.dita Modified: db/derby/docs/branches/10.5/src/devguide/cdevcsecure67151.dita URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.5/src/devguide/cdevcsecure67151.dita?rev=777148&r1=777147&r2=777148&view=diff ============================================================================== --- db/derby/docs/branches/10.5/src/devguide/cdevcsecure67151.dita (original) +++ db/derby/docs/branches/10.5/src/devguide/cdevcsecure67151.dita Thu May 21 15:08:05 2009 @@ -50,11 +50,25 @@

ECB

OFB

The only padding mode allowed is NoPadding.

By default, uses the DES algorithm of DES/CBC/NoPadding.

Specify an alternate encryption algorithm when you create a database with +

To specify an alternate encryption algorithm when you create a database, use the encryptionAlgorithm=algorithm attribute. If the algorithm you specify is not supported by the provider you have specified, throws an exception.

To specify the AES encryption algorithm with a key length other than the +default of 128, specify the encryptionKeyLength attribute. For example, +you might specify the following connection attributes:

+ +jdbc:derby:encdbcbc_192;create=true;dataEncryption=true; +encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding; +bootPassword=Thursday + +

To use the AES algorithm with a key length of 192 or 256, you must use +unrestricted policy jar files for your JRE. You can obtain these files from your +Java provider. They might have a name like "Java Cryptography Extension (JCE) +Unlimited Strength Jurisdiction Policy Files." If you specify a non-default key +length using the default policy jar files, a Java exception occurs.