Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 41940 invoked from network); 20 May 2009 20:58:58 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 20 May 2009 20:58:58 -0000 Received: (qmail 54325 invoked by uid 500); 20 May 2009 20:59:10 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 54268 invoked by uid 500); 20 May 2009 20:59:10 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 54039 invoked by uid 99); 20 May 2009 20:59:10 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 May 2009 20:59:10 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 May 2009 20:59:07 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 0A0E4234C045 for ; Wed, 20 May 2009 13:58:46 -0700 (PDT) Message-ID: <1837358116.1242853126040.JavaMail.jira@brutus> Date: Wed, 20 May 2009 13:58:46 -0700 (PDT) From: "Kim Haase (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Updated: (DERBY-4229) encryptionKeyLength connection attribute should be documented In-Reply-To: <941275995.1242331545551.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kim Haase updated DERBY-4229: ----------------------------- Attachment: cdevcsecure67151.html DERBY-4229.diff Attaching DERBY-4229.diff and cdevcsecure67151.html, which I hope provide the information needed here. The topic where the information seems to belong is "Specifying an alternate encryption algorithm." I've added one sentence that I hope also fixes DERBY-2821, an issue filed a long time ago. > encryptionKeyLength connection attribute should be documented > ------------------------------------------------------------- > > Key: DERBY-4229 > URL: https://issues.apache.org/jira/browse/DERBY-4229 > Project: Derby > Issue Type: Bug > Components: Documentation > Reporter: Kathey Marsden > Assignee: Kim Haase > Attachments: cdevcsecure67151.html, DERBY-4229.diff > > > The developer guide says: > The length of the encryption key depends on the algorithm used: > AES (128, 192, and 256 bits) > DES (the default) (56 bits) > DESede (168 bits) > All other algorithms (128 bits) > Note: The boot password should have at least as many characters as number of bytes in the encryption key (56 bits=8 bytes, 168 bits=24 bytes, 128 bits=16 bytes). The minimum number of characters for the boot password allowed by Derby is eight. > For AES, however, it does not tell how to change the default key length of 128. This can be changed with the encryptionKeyLength connection attribute. The documentation should also specify that special policy files for the JRE may be necessary to accomodate the longer length. > Also note that there is an outstanding issue DERBY-3710 regarding length of 192 for AES. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.