From: Knut Anders Hatlen
To: Derby Discussion
Date: Mon, 20 Oct 2008 09:32:05 +0200
Subject: Re: Enabling encryption using DataSource after creating a database

Iwud H8u writes:

> Hi All,
>
> I am using EmbeddedDataSource to create a database and in a separate step
> enable authentication and encryption on the database. I have enabled
> authentication using the following code:
>
>     // set authentication
>     CallableStatement callableStatement = connection.prepareCall("" +
>         "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)");
>     // callableStatement.setString(1, "derby.database.sqlAuthorization");
>     callableStatement.setString(1, "derby.connection.requireAuthentication");
>     callableStatement.setString(2, "true");
>     callableStatement.execute();
>
> However, I do not see a similar mechanism to enable encryption.

I think encryption can only be enabled when the database is being
created or booted. A stored procedure can only be called after the
database has been created/booted, so I guess that's why there's no
similar mechanism for encryption.

> So I tried
> the following code:
>
>     // get properties from props file
>     String sysDir = props.getProperty("derby.system.home");
>     String dbName = props.getProperty("database.name");
>
>     EmbeddedDataSource dataSource = new EmbeddedDataSource();
>     dataSource.setUser(userName);
>     dataSource.setPassword(password);
>     dataSource.setConnectionAttributes("dataEncryption=true");
>     dataSource.setConnectionAttributes("bootPassword="+password);
>     dataSource.setConnectionAttributes("encryptionAlgorithm=AES/CBC/NoPadding");

Each call to setConnectionAttributes() will overwrite the previous value
of the connection attributes field. Please try this instead:

    String attrs = "dataEncryption=true;bootPassword=" + password +
        ";encryptionAlgorithm=AES/CBC/NoPadding";
    dataSource.setConnectionAttributes(attrs);

>     dataSource.setDatabaseName(sysDir+System.getProperty("file.separator")+dbName);
>
>     connection = dataSource.getConnection();
>
> But this does not seem to enable encryption because when I shut down the
> database and try to reconnect to it by passing it the wrong bootpassword/no
> bootpassword, it boots up the database. Is there any way of enabling
> encryption using EmbeddedDataSource?
>
> Thanks,
> Jay

-- 
Knut Anders
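
The fix and the check discussed in this thread, combined into one program. This is an added example, not code from either poster or from the Derby project. It creates a new encrypted database with a single attribute string, shuts it down, and confirms that a reboot without bootPassword is refused. The class name, database name and boot password are constructed for illustration, and a Derby embedded driver on the classpath is assumed.

```java
import java.sql.Connection;
import java.sql.SQLException;
import org.apache.derby.jdbc.EmbeddedDataSource;

public class EncryptedDbCheck {
    // Constructed values; run against a database directory that does not exist yet.
    // Derby requires a bootPassword of at least 8 characters.
    static final String DB_NAME = "encryptedDemoDb";
    static final String BOOT_PASSWORD = "constructed-boot-pw";

    public static void main(String[] args) throws SQLException {
        // 1. Create the database with ALL attributes in one string. Separate
        //    setConnectionAttributes() calls would each replace the previous value.
        EmbeddedDataSource create = new EmbeddedDataSource();
        create.setDatabaseName(DB_NAME);
        create.setCreateDatabase("create");
        create.setConnectionAttributes("dataEncryption=true;bootPassword=" + BOOT_PASSWORD
                + ";encryptionAlgorithm=AES/CBC/NoPadding");
        create.getConnection().close();

        // 2. Shut the database down. While it stays booted in this JVM, new
        //    connections succeed without bootPassword, which would mask the result.
        EmbeddedDataSource stop = new EmbeddedDataSource();
        stop.setDatabaseName(DB_NAME);
        stop.setShutdownDatabase("shutdown");
        try {
            stop.getConnection();
        } catch (SQLException e) {
            // SQLState 08006 signals a successful single-database shutdown.
            if (!"08006".equals(e.getSQLState())) throw e;
        }

        // 3. Reboot without bootPassword. An encrypted database must refuse to start.
        EmbeddedDataSource plain = new EmbeddedDataSource();
        plain.setDatabaseName(DB_NAME);
        try (Connection c = plain.getConnection()) {
            throw new IllegalStateException("booted without bootPassword: database is NOT encrypted");
        } catch (SQLException e) {
            // Print the whole chain; the nested exception carries the boot-password reason.
            for (SQLException x = e; x != null; x = x.getNextException()) {
                System.out.println(x.getSQLState() + ": " + x.getMessage());
            }
            System.out.println("boot refused without bootPassword, as expected");
        }
    }
}
```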