The documentation @ http://db.apache.org/derby/docs/10.5/devguide/tdevdvlp40140.html
"If the algorithm that was used when the database was created is not the default algorithm, you must also specify the encryptionAlgorithm attribute"
yet when I gave the wrong value of "DES/CBC/NoPadding", having created the database with "DESede", it booted without a problem. I was concerned that it might not have actually encrypted with the correct algorithm, given this Java bug:
I was concerned that it might not use strong (>128 bit) encryption. Other people may be similarly concerned about what the documentation seems to say, given the behavior of the code. I think that statement in quotes should be removed entirely, and one stating something to the effect of
"Just supply the bootPassword or encryptionKey attributes to boot the database."
Should replace it.