Derby
  1. Derby
  2. DERBY-4229

encryptionKeyLength connection attribute should be documented

    Details

      Description

      The developer guide says:

      The length of the encryption key depends on the algorithm used:
      AES (128, 192, and 256 bits)
      DES (the default) (56 bits)
      DESede (168 bits)
      All other algorithms (128 bits)
      Note: The boot password should have at least as many characters as number of bytes in the encryption key (56 bits=8 bytes, 168 bits=24 bytes, 128 bits=16 bytes). The minimum number of characters for the boot password allowed by Derby is eight.

      For AES, however, it does not tell how to change the default key length of 128. This can be changed with the encryptionKeyLength connection attribute. The documentation should also specify that special policy files for the JRE may be necessary to accomodate the longer length.

      Also note that there is an outstanding issue DERBY-3710 regarding length of 192 for AES.

      1. cdevcsecure67151.html
        6 kB
        Kim Haase
      2. DERBY-4229.diff
        2 kB
        Kim Haase
      3. DERBY-4229-2.diff
        4 kB
        Kim Haase
      4. DERBY-4229-2.stat
        0.1 kB
        Kim Haase
      5. DERBY-4229-3.diff
        5 kB
        Kim Haase
      6. rrefattribencryptkeylength.html
        5 kB
        Kim Haase
      7. rrefattribencryptkeylength.html
        5 kB
        Kim Haase

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Kim Haase
              Reporter:
              Kathey Marsden
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development