Derby does decrypt or encrypt a database page or log record on the fly as it is loaded from disk into the buffer page cache or when flushing to the database / written to the log accordingly.
As far as 'encryptionKeyLength', it is now documented as part of the latest Alpha documentation set:
c.f. Developer Guide at:
There was a JIRA opened for this issue at:
Hope this helps,
I use the derby database encryption frequently in my programs but I was wondering how it really works.
Does it decrypt the db once on boot and then once more time on shutdown only ?
or does the database stay encrypted all the time and the data that goes back and forth is encrypted/decrypted on the fly ?
One more question whose answer is not in the derby docs, when I specify an encryption key in the jdbc url and I do not specify the "encryptionKeyLength" parameter, what does it take as default value? supposed I was using AES or Blowfish which can use 192 or 256bit keys, does derby automatically guess the key length from the specified key?