db-derby-dev mailing list archives

From Sunitha Kambhampati <skam...@Yngvi.Org>
Subject Regarding Derby42 : Do not store the encryption key length and the encryption block size in service.properties:
Date Mon, 18 Oct 2004 22:36:00 GMT
Do not store the encryption key length and the encryption block size in 
service.properties for encrypted database when external key is used.

Regarding the fix for DERBY-42 
(http://nagoya.apache.org/jira/browse/DERBY-42):
1) The encryption key length is used only for error checking and the fix 
to not store this information is OK and simple. Also attached is a patch 
to fix this first part.

2) However, removing the encryption block size property is little more 
Currently, the encryption block size is obtained during creation of the 
encrypted database and stored in service.properties. On subsequent 
connections, this stored value is used for padding of logs.

One of the reasons for storing this block size is that the Cipher class 
description suggests that getBlockSize() returns the default block 
size. Thus it is likely that the block size returned from this API might 
change, and hence for subsequent connections the logging system uses the 
stored encryption block size to do padding.

But in the case of an *external key*, if it is decided to remove storing the 
encryption block size, then
a) a database created with previous versions (i.e. before this fix) will 
work OK with this fix. No issue with upgrade.
b) a database *created* with a version that has this fix will not work with 
previous versions, since the previous version will try to get the 
encryption block size from service.properties and will not find it.

So, because of (b), the fix to remove the encryption block size from 
service.properties will require the versioning numbers to change, is 
that right (?).

Any thoughts/comments?


PS: the attached patch fixes the first part of DERBY-42 - do not store the 
encryption key length in service.properties when an external key is used
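
The compatibility cases (a) and (b) described in the message above, and the dependence of log padding on the block size, as an added example that is not part of the original message or the attached patch. The key name `encryptionBlockSize`, the class and method names, and the fallback to `Cipher.getBlockSize()` in the newer reader are assumptions made for illustration, not Derby's own code.

```java
import java.util.Properties;
import javax.crypto.Cipher;

public class BlockSizeCompat {
    // Assumed key name for the stored block size (illustrative only).
    static final String BLOCK_SIZE_KEY = "encryptionBlockSize";

    // Reader that predates the change: the stored value is mandatory.
    static int blockSizeOldReader(Properties svc) {
        String v = svc.getProperty(BLOCK_SIZE_KEY);
        if (v == null) {
            throw new IllegalStateException(BLOCK_SIZE_KEY + " missing from service.properties");
        }
        return Integer.parseInt(v);
    }

    // Reader with the change (assumed behaviour): use the stored value when an
    // older database has one, otherwise ask the cipher.
    static int blockSizeNewReader(Properties svc, Cipher cipher) {
        String v = svc.getProperty(BLOCK_SIZE_KEY);
        return (v != null) ? Integer.parseInt(v) : cipher.getBlockSize();
    }

    // Log records are padded up to a multiple of the block size.
    static int paddedLength(int recordLength, int blockSize) {
        return ((recordLength + blockSize - 1) / blockSize) * blockSize;
    }

    public static void main(String[] args) throws Exception {
        Cipher des = Cipher.getInstance("DES/CBC/NoPadding");
        Cipher aes = Cipher.getInstance("AES/CBC/NoPadding");

        Properties oldDb = new Properties();   // constructed: created before the change
        oldDb.setProperty(BLOCK_SIZE_KEY, "8");
        Properties newDb = new Properties();   // constructed: created after, nothing stored

        // Case (a): old database, new reader. The stored value is still honoured.
        System.out.println("old db / new reader: " + blockSizeNewReader(oldDb, des));
        // Case (b): new database, old reader. The lookup fails at boot.
        try {
            blockSizeOldReader(newDb);
        } catch (IllegalStateException e) {
            System.out.println("new db / old reader: " + e.getMessage());
        }
        // Same 20-byte record, different block sizes, different padded lengths.
        System.out.println("DES padded length: " + paddedLength(20, blockSizeNewReader(newDb, des)));
        System.out.println("AES padded length: " + paddedLength(20, blockSizeNewReader(newDb, aes)));
    }
}
```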
