Encrypted databases cannot be booted automatically along with all other
system databases on system startup (see "derby.system.bootAll" in the
). Instead, you boot an encrypted
database when you first connect to the database.
- Booting a database with the bootPassword=key attribute
  To access an encrypted database called wombat that was
  created with the boot password clo760uds2caPe, use the following
  connection URL:
  jdbc:derby:wombat;bootPassword=clo760uds2caPe
- Booting a database with the encryptionKey=key attribute
  To access an encrypted database called flintstone that
  was created with the attributes
  encryptionKey=c566bab9ee8b62a5ddb4d9229224c678 and
  encryptionAlgorithm=AES/CBC/NoPadding, use the following
  connection URL:
  jdbc:derby:flintstone;encryptionKey=c566bab9ee8b62a5ddb4d9229224c678
After the database is booted, all connections can access the database without
the boot password. Only a connection that boots the database requires the
key.
For example, the following connections would boot the database and require
the boot password or encryption key, depending on what mechanism was used
to encrypt the database originally:
- The first connection to the database in the JVM session
- The first connection to the database after the database has been explicitly
shut down
- The first connection to the database after the system has been shut down
and then rebooted
The boot password and the encryption key are not meant to prevent unauthorized
connections to the database after the database is booted. To protect a database
after it has been booted, turn on user authentication (see ).
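
The boot behaviour described above, as an added example that is not part of the original Derby documentation. It assumes Derby's embedded driver is on the classpath, that no database named wombat exists yet in the working directory, and a hypothetical DERBY_BOOT_PASSWORD environment variable that keeps the key out of source code and connection URLs.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class BootEncryptedDb {
    // "wombat" follows the page; DERBY_BOOT_PASSWORD is a hypothetical variable name.
    static final String URL = "jdbc:derby:wombat";

    public static void main(String[] args) throws SQLException {
        String bootPassword = System.getenv("DERBY_BOOT_PASSWORD");
        if (bootPassword == null || bootPassword.length() < 8) {
            throw new IllegalStateException("set DERBY_BOOT_PASSWORD (at least 8 characters)");
        }
        // Connection attributes can be passed as Properties instead of in the URL.
        Properties boot = new Properties();
        boot.setProperty("bootPassword", bootPassword);

        // Create the encrypted database; this first connection also boots it.
        Properties create = new Properties();
        create.putAll(boot);
        create.setProperty("create", "true");
        create.setProperty("dataEncryption", "true");
        try (Connection c = DriverManager.getConnection(URL, create)) {
            System.out.println("booted by first connection");
        }
        // Already booted in this JVM: no key is needed, so the key is not access control.
        try (Connection c = DriverManager.getConnection(URL)) {
            System.out.println("second connection succeeded without the boot password");
        }
        // An explicit shutdown reports its result as an SQLException.
        try {
            DriverManager.getConnection(URL + ";shutdown=true");
        } catch (SQLException e) {
            System.out.println("shutdown: SQLState " + e.getSQLState());
        }
        // The first connection after shutdown must boot the database, so it needs the key.
        try (Connection c = DriverManager.getConnection(URL)) {
            System.out.println("unexpected: booted without the key");
        } catch (SQLException e) {
            System.out.println("boot without key rejected: SQLState " + e.getSQLState());
        }
        try (Connection c = DriverManager.getConnection(URL, boot)) {
            System.out.println("rebooted with the boot password");
        }
    }
}
```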