Hi George,

Derby does decrypt or encrypt a database page or log record on the fly as it is loaded from disk into the buffer page cache or when flushing to the database / written to the log accordingly.

As far as 'encryptionKeyLength', it is now documented as part of the latest Alpha documentation set:
c.f. Developer Guide at:

There was a JIRA opened for this issue at:

Hope this helps,


On Tue, Nov 17, 2009 at 11:16 PM, George H <george.dma@gmail.com> wrote:
Hi all,

I use the derby database encryption frequently in my programs but I was wondering how it really works.

Does it decrypt the db once on boot and then once more time on shutdown only ?
or does the database stay encrypted all the time and the data that goes back and forth is encrypted/decrypted on the fly ?

One more question whose answer is not in the derby docs, when I specify an encryption key in the jdbc url and I do not specify the "encryptionKeyLength" parameter, what does it take as default value? supposed I was using AES or Blowfish which can use 192 or 256bit keys, does derby automatically guess the key length from the specified key?

George H