Hi George,

Derby does decrypt or encrypt a database page or log record on the fly as it is loaded from disk into the buffer page cache or when flushing to the database / written to the log accordingly.

As far as 'encryptionKeyLength', it is now documented as part of the latest Alpha documentation set:
c.f. Developer Guide at:
http://db.apache.org/derby/docs/dev/devguide/devguide-single.html

There was a JIRA opened for this issue at:
http://issues.apache.org/jira/browse/DERBY-4229

Hope this helps,

--francois

On Tue, Nov 17, 2009 at 11:16 PM, George H <george.dma@gmail.com> wrote:
Hi all,

I use the derby database encryption frequently in my programs but I was wondering how it really works.

Does it decrypt the db once on boot and then once more time on shutdown only ?
or does the database stay encrypted all the time and the data that goes back and forth is encrypted/decrypted on the fly ?

One more question whose answer is not in the derby docs, when I specify an encryption key in the jdbc url and I do not specify the "encryptionKeyLength" parameter, what does it take as default value? supposed I was using AES or Blowfish which can use 192 or 256bit keys, does derby automatically guess the key length from the specified key?

Thanks.
--
George H
george.dma@gmail.com