To decrypt an encrypted database, specify the
decryptDatabase=true attribute in conjunction with either the
bootPassword=key attribute or the
encryptionKey=key attribute.
See the for details on the
connection URL attributes.
Ensure that you have enough free
disk space before you decrypt a database. In addition to the disk space required
for the unencrypted size of the database, temporary disk space is required to
store the encrypted version of the data to restore the database to its encrypted
state if the decryption is interrupted or returns errors. All of the temporary
disk space is released back to the operating system after the database is
decrypted.
You must shut down the database before you decrypt it. An attempt to decrypt
a booted database has no effect.
If the database is configured with log archival, you must disable log
archival in addition to shutting down the database before you can decrypt the
database. You should also create a new backup of the database before you decrypt
it, and create another after you decrypt it. For more information, see the
section "Backing up and restoring databases" in the
, particularly "Roll-forward
recovery".
If any global transactions are in the prepared state after recovery, the
database cannot be decrypted.
If authentication
and SQL authorization are
both enabled, the credentials of the
Database Owner must be supplied as
well, since decryption is a restricted operation.
After you decrypt the database, be sure to check for
SQLWarnings. The decryption succeeded only if there were no
SQLWarnings or SQLExceptions.