db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-4229) encryptionKeyLength connection attribute should be documented
Date Fri, 21 Sep 2012 20:14:07 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Kim Haase updated DERBY-4229:

    Attachment: rrefattribencryptkeylength.html

Attaching DERBY-4229-2.diff, DERBY-4229-2.stat, and rrefattribencryptkeylength.html, with
the following changes:

A       src/ref/rrefattribencryptkeylength.dita
M       src/ref/refderby.ditamap

I'm guessing on a few things, so please check the new topic carefully! 

In particular, is the note at the end true? Seems as if it should be (I extrapolated from
the note at the end of the encryptionAlgorithm topic). 

Also, what happens if you use encryptionKeyLength with the encryptionKey attribute instead
of with bootPassword? Is it ignored, is there an error, or is there an error only if the specified
length is different from the actual length?

Thanks in advance.
> encryptionKeyLength connection attribute should be documented
> -------------------------------------------------------------
>                 Key: DERBY-4229
>                 URL: https://issues.apache.org/jira/browse/DERBY-4229
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions:
>            Reporter: Kathey Marsden
>            Assignee: Kim Haase
>             Fix For:
>         Attachments: cdevcsecure67151.html, DERBY-4229-2.diff, DERBY-4229-2.stat, DERBY-4229.diff,
> The developer guide says:
> The length of the encryption key depends on the algorithm used:
> AES (128, 192, and 256 bits) 
> DES (the default) (56 bits) 
> DESede (168 bits) 
> All other algorithms (128 bits) 
> Note: The boot password should have at least as many characters as number of bytes in
the encryption key (56 bits=8 bytes, 168 bits=24 bytes, 128 bits=16 bytes). The minimum number
of characters for the boot password allowed by Derby is eight.
> For AES, however,  it does not tell how to change the default key length  of 128.  This
can be changed with the encryptionKeyLength connection attribute.  The documentation should
also specify that special policy files for the JRE may be necessary to accomodate the longer
> Also note that there is an outstanding issue DERBY-3710 regarding length of 192 for AES.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message