db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Thalamati <suresh.thalam...@gmail.com>
Subject Re: [jira] Commented: (DERBY-1156) allow the encrypting of an existing unencrypted db and allow the re-encrypting of an existing encrypted db
Date Fri, 05 May 2006 21:56:31 GMT
Thanks for taking time to review the spec Dan. I will update the spec
with your suggestions. My comments are in-line.

Daniel John Debrunner (JIRA) wrote:
>     [ http://issues.apache.org/jira/browse/DERBY-1156?page=comments#action_12377425 ]

> 
> Daniel John Debrunner commented on DERBY-1156:
> ----------------------------------------------
> 
> Comments on the functional part of the spec:
> 
> Encrypting an existing un-encrypted database:
>    - I assume the other encryption properties can be set at this time, such as encrpytionAlgorithm
- would be good to state that.

yes. All the encryption properties that are allowed now during create 
  should  work in this case also.


>    - jdbc:derby:salesdb;dataEncryption=true;bootPassword=1234xyz - Does this example
work? 
>I thought the boot password had
>      to be at least eight characters?

you are right, password should be atleast 8 characters.

> 
> Encrypting with a new password or a new encryption key:
> 
>   - Just want to ensure the terminology is clear here,
>      "Database will be encrypted with new password/key if it is booted with following
new URL attributes:"
>      The database is always encrypted with a new encryption key, and if newBootPassword
is used then that key
>       is protected with a new boot password.
> 
>     "... all the data in the database will be encrypted using this password ..."
>      .. all the data in the database will be encrypted with a newly generated key ...
> 
>     In this mode can the encryption algorithm be changed?

It can be supported. I was planning to look at this case after I get 
the rest of the work done, if I get time. Do you think this is 
something that will be useful to the users ?


Thanks
-suresh

Mime
View raw message