db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (DERBY-4229) encryptionKeyLength connection attribute should be documented
Date Sat, 22 Sep 2012 04:24:09 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461022#comment-13461022
] 

Dag H. Wanvik edited comment on DERBY-4229 at 9/22/12 3:23 PM:
---------------------------------------------------------------

> The encryptionKeyLength=length attribute may also be combined with the encryptionProvider=providerName

> and/or encryptionAlgorithm=algorithm attributes. You may wish to use encryptionKeyLength=length
when
> you specify a non-default encryption algorithm.

If seems you'd want to use eKL *only* iff a) one wants a non default algorithm (default is
DES) and b) the algorithm allows for more than one key length (AES is mentioned above) and
c) one wants a key length that is not default (AES 192 or 256 above).

We should investigate your other questions, Kim, good ones!
                
      was (Author: dagw):
    > The encryptionKeyLength=length attribute may also be combined with the encryptionProvider=providerName

> and/or encryptionAlgorithm=algorithm attributes. You may wish to use encryptionKeyLength=length
when
> you specify a non-default encryption algorithm.

If seems you'd want to use eKL only iff a) one wants a non default algorithm (default is DES)
and b) the algorithm allows for more than one key length (AES is mentioned above) and c) one
want a key length that is not default (AES 192 or 256 above).

We should investigate your other questions, Kim, good ones!
                  
> encryptionKeyLength connection attribute should be documented
> -------------------------------------------------------------
>
>                 Key: DERBY-4229
>                 URL: https://issues.apache.org/jira/browse/DERBY-4229
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.5.1.1
>            Reporter: Kathey Marsden
>            Assignee: Kim Haase
>             Fix For: 10.5.2.0
>
>         Attachments: cdevcsecure67151.html, DERBY-4229-2.diff, DERBY-4229-2.stat, DERBY-4229.diff,
rrefattribencryptkeylength.html
>
>
> The developer guide says:
> The length of the encryption key depends on the algorithm used:
> AES (128, 192, and 256 bits) 
> DES (the default) (56 bits) 
> DESede (168 bits) 
> All other algorithms (128 bits) 
> Note: The boot password should have at least as many characters as number of bytes in
the encryption key (56 bits=8 bytes, 168 bits=24 bytes, 128 bits=16 bytes). The minimum number
of characters for the boot password allowed by Derby is eight.
> For AES, however,  it does not tell how to change the default key length  of 128.  This
can be changed with the encryptionKeyLength connection attribute.  The documentation should
also specify that special policy files for the JRE may be necessary to accomodate the longer
length.
> Also note that there is an outstanding issue DERBY-3710 regarding length of 192 for AES.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message