db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristian Waagan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5792) Make it possible to turn off encryption on an already encrypted database.
Date Tue, 18 Sep 2012 20:25:08 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458117#comment-13458117
] 

Kristian Waagan commented on DERBY-5792:
----------------------------------------

---- Kim ----
The one-time operation point seems a bit less compelling, if my guess (just a guess) is correct
that "dataEncryption=true" is also a one-time operation? Or can you re-encrypt an encrypted
database, changing from, say, one encryption algorithm to another? Would that work, or would
it totally mess up your database? Anyway, I think reducing the possibility of confusion is
desirable.
----
Actually, dataEncryption isn't considered a one-time operation, although for the end user
it appears to be so:
 a) We save dataEncryption=true in service.properties. Even if you specify dataEncryption=false
when connecting, we will read dataEncryption=true if the database is [already] encrypted.
 b) You can re-encrypt [1] an encrypted database, but I haven't checked if you have to specify
dataEncryption=true or only newBootPassword/newEncryptionKey (with bootPassword to access
the database in addition) to do so.


As for attribute handling I'm going for what seems to be the default action:
 o ignore attributes when they don't cause any trouble, for instance decryptDatabase=true
on un-encrypted or booted database. One could argue the latter case deserves a warning.
 o raise exception if the attributes are truly conflicting (dataEncryption=true;decryptDatabase=true
on un-encrypted database, decryptDatabase=true;createFrom=myEncryptedDb)


[1] I'd have to look at the code / docs again to say exactly what re-encrypt entails in all
cases. I seem to recall some differences between using the boot attributes and the system
procedure for changing the boot password.
                
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>
>                 Key: DERBY-5792
>                 URL: https://issues.apache.org/jira/browse/DERBY-5792
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, Store
>    Affects Versions: 10.10.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kristian Waagan
>         Attachments: derby-5792-1a-boilerplate_and_preparation.diff
>
>
> Currently, you can encrypt an unencrypted database and you can change the encryption
key on an already encrypted database. However, Derby does not expose a way to turn off (unencrypt)
an already encrypted database.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message