db-derby-dev mailing list archives

From "Kristian Waagan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-5792) Make it possible to turn off encryption on an already encrypted database.
Date Wed, 03 Oct 2012 11:36:07 GMT

     [ https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Kristian Waagan updated DERBY-5792:

    Attachment: derby-5792-3a-decryption_feature.diff

Patch 3a adds the decryption feature:

* iapi/reference/Attribute
Adds the new connection URL 'decryptDatabase' (true|false).

* iapi/store/raw/RawStoreFactory
Adds the new minor version 10.
Updated a comment.

* iapi/store/raw/DataFactory
Adds method decryptAllContainers(RawTransaction).

* impl/jdbc/EmbeddedConnection
Introduces notion of crypto boot, instead of looking just for encryption. Makes two-phase
boot logic apply to decryption.
Adds check for conflicting high-level cryptographic attributes. Note that the checking here
is incomplete due to missing knowledge about the state of the database (for instance, is it
encrypted or not?).

* impl/store/RawStore
Adds logic to detect decryption request.
Denies decryption if the database is in certain states (read-only, has global prepared xact,
log archived, store version too old).
Adds logic to update the service properties, that is to remove encryption properties after
decryption has happened.
Decryption reuses the same crash recovery support as encryption uses.

* impl/store/raw/data/BaseDataFileFactory
Implements decryptAllContainers(RawTransaction).

* impl/store/raw/data/RAFContainer
Adds logic to skip encryption of page data. This is effectively where decryption happens,
except that the data has already been decrypted when entering the page cache. We just don't
encrypt it again before writing it out to disk.
Updates some error messages.

* loc/messages.xml
Adds two new error messages.

* shared/common/reference/SQLState
Adds two new SQLStates.

* tests/store/_Suite
Enables DecryptDatabaseTest.

Known missing tasks:
 o logic to deal with DBO powers
 o crash recovery test
 o may want to introduce a DecryptContainerOperation instead of reusing the log entry for
 o some potential cleanup/refactoring
 o don't know if the error messages are satisfactory, or if we want to add separate messages
for each of the failure situations
 o documentation (logged by Kim as DERBY-5939, thanks!), which should be very similar to encryption,
but much simpler. There is only one knob :) We probably want to mention the failure situations,
which are mainly conflicting attributes and cases where decryption is unsupported/denied.

Patch ready for review.
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>                 Key: DERBY-5792
>                 URL: https://issues.apache.org/jira/browse/DERBY-5792
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, Store
>    Affects Versions:
>            Reporter: Rick Hillegas
>            Assignee: Kristian Waagan
>         Attachments: derby-5792-1a-boilerplate_and_preparation.diff, derby-5792-1b-boilerplate_and_preparation.diff, derby-5792-2a-decryptdatabasetest.diff, derby-5792-3a-decryption_feature.diff
> Currently, you can encrypt an unencrypted database and you can change the encryption key on an already encrypted database. However, Derby does not expose a way to turn off (unencrypt) an already encrypted database.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
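
The round trip the message describes, written out as an added example (not code from the patch or from the Derby project): create an encrypted database, reboot it with the new `decryptDatabase=true` attribute, then confirm it boots with no key. It assumes an embedded Derby build that contains this feature with derby.jar on the classpath and an empty working directory; the database name and boot password are constructed sample values.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

public class DecryptDatabaseExample {
    // Constructed sample values (assumptions, not taken from the patch).
    static final String DB = "jdbc:derby:demoEncryptedDb";
    static final String BOOT_PW = "bootPassword=constructed-sample-pw";

    public static void main(String[] args) throws SQLException {
        // 1. Create an encrypted database and commit one row (autocommit is on).
        try (Connection c = DriverManager.getConnection(
                DB + ";create=true;dataEncryption=true;" + BOOT_PW);
             Statement s = c.createStatement()) {
            s.executeUpdate("CREATE TABLE t (id INT)");
            s.executeUpdate("INSERT INTO t VALUES (1)");
        }
        shutdown();

        // 2. Decryption is requested while the database boots, so it has to
        //    be shut down first. The current key material is still required
        //    to read the encrypted pages.
        try (Connection c = DriverManager.getConnection(
                DB + ";decryptDatabase=true;" + BOOT_PW)) {
            System.out.println("decryption boot succeeded");
        }
        shutdown();

        // 3. Boot with no key at all. This only works if the containers were
        //    rewritten in plaintext and the encryption properties were
        //    removed from the service properties.
        try (Connection c = DriverManager.getConnection(DB);
             Statement s = c.createStatement()) {
            s.executeQuery("SELECT id FROM t").close();
            System.out.println("database boots without a boot password");
        }
        shutdown();
    }

    // A successful single-database shutdown is reported as SQLState 08006.
    static void shutdown() throws SQLException {
        try {
            DriverManager.getConnection(DB + ";shutdown=true");
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) throw e;
        }
    }
}
```

After step 2 the page data is stored unencrypted, so from that point the files in the database directory are protected only by file-system permissions.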
