db-derby-dev mailing list archives

From "Kristian Waagan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5792) Make it possible to turn off encryption on an already encrypted database.
Date Tue, 18 Sep 2012 20:25:08 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458117#comment-13458117 ]

Kristian Waagan commented on DERBY-5792:

---- Kim ----
The one-time operation point seems a bit less compelling, if my guess (just a guess) is correct
that "dataEncryption=true" is also a one-time operation? Or can you re-encrypt an encrypted
database, changing from, say, one encryption algorithm to another? Would that work, or would
it totally mess up your database? Anyway, I think reducing the possibility of confusion is

Actually, dataEncryption isn't considered a one-time operation, although for the end user
it appears to be so:
 a) We save dataEncryption=true in service.properties. Even if you specify dataEncryption=false
when connecting, we will read dataEncryption=true if the database is [already] encrypted.
 b) You can re-encrypt [1] an encrypted database, but I haven't checked if you have to specify
dataEncryption=true or only newBootPassword/newEncryptionKey (with bootPassword to access
the database in addition) to do so.

As for attribute handling I'm going for what seems to be the default action:
 o ignore attributes when they don't cause any trouble, for instance decryptDatabase=true
on un-encrypted or booted database. One could argue the latter case deserves a warning.
 o raise exception if the attributes are truly conflicting (dataEncryption=true;decryptDatabase=true
on un-encrypted database, decryptDatabase=true;createFrom=myEncryptedDb)

[1] I'd have to look at the code / docs again to say exactly what re-encrypt entails in all
cases. I seem to recall some differences between using the boot attributes and the system
procedure for changing the boot password.

> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>                 Key: DERBY-5792
>                 URL: https://issues.apache.org/jira/browse/DERBY-5792
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, Store
>    Affects Versions:
>            Reporter: Rick Hillegas
>            Assignee: Kristian Waagan
>         Attachments: derby-5792-1a-boilerplate_and_preparation.diff
>
> Currently, you can encrypt an unencrypted database and you can change the encryption
> key on an already encrypted database. However, Derby does not expose a way to turn off (unencrypt)
> an already encrypted database.
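
The attribute-handling policy described in the comment above, modelled as a small Java check. This is an added example, not Derby source code or code from the issue; the class name, the `Outcome` values and the caller-supplied `encrypted`/`booted` flags are assumptions, as is treating `dataEncryption=true` on an already encrypted database as non-conflicting.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration of the policy in the comment above; not Derby source code.
public class DecryptAttributePolicy {
    enum Outcome { NOT_REQUESTED, IGNORED, REJECTED, DECRYPT }

    // Parse the ";name=value" pairs that follow the database name in a connection URL.
    static Map<String, String> parseAttributes(String url) {
        Map<String, String> attrs = new LinkedHashMap<>();
        String[] parts = url.split(";");
        for (int i = 1; i < parts.length; i++) {      // parts[0] is "jdbc:derby:<name>"
            int eq = parts[i].indexOf('=');
            if (eq > 0) {
                attrs.put(parts[i].substring(0, eq).trim(), parts[i].substring(eq + 1).trim());
            }
        }
        return attrs;
    }

    static boolean isTrue(Map<String, String> attrs, String name) {
        return "true".equalsIgnoreCase(attrs.get(name));
    }

    // encrypted/booted describe the target database and are supplied by the caller (assumption).
    static Outcome evaluate(String url, boolean encrypted, boolean booted) {
        Map<String, String> attrs = parseAttributes(url);
        if (!isTrue(attrs, "decryptDatabase")) return Outcome.NOT_REQUESTED;
        // Truly conflicting combinations named in the comment raise an error.
        if (attrs.containsKey("createFrom")) return Outcome.REJECTED;
        if (isTrue(attrs, "dataEncryption") && !encrypted) return Outcome.REJECTED;
        // Assumption: on an encrypted database dataEncryption=true only repeats the
        // value stored in service.properties (point a), so it is not treated as a conflict.
        // Harmless request: nothing to decrypt, or the database is already booted.
        if (!encrypted || booted) return Outcome.IGNORED;
        return Outcome.DECRYPT;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; database names and passwords are placeholders.
        String plain = "jdbc:derby:sampleDb;decryptDatabase=true";
        String both = "jdbc:derby:sampleDb;dataEncryption=true;decryptDatabase=true";
        String restore = "jdbc:derby:sampleDb;decryptDatabase=true;createFrom=myEncryptedDb";
        String real = "jdbc:derby:sampleDb;bootPassword=placeholder;decryptDatabase=true";
        System.out.println(evaluate(plain, false, false));
        System.out.println(evaluate(plain, true, true));
        System.out.println(evaluate(both, false, false));
        System.out.println(evaluate(restore, true, false));
        System.out.println(evaluate(real, true, false));
    }
}
```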
