Specifying an alternate encryption algorithm

Specifying an alternate encryption algorithm supports the following encryption algorithms. Encryption algorithmsconfiguring

DES (the default)
DESede (also known as triple DES)
Any encryption algorithm that fulfills the following requirements:
- It is symmetric
- It is a block cipher, with a block size of 8 bytes
- It uses the NoPadding padding scheme
- Its secret key can be represented as an arbitrary byte array
- It requires exactly one initialization parameter, an initialization vector of type javax.crypto.spec.IvParameterSpec
- It can use javax.crypto.spec.SecretKeySpec to represent its key
For example, the algorithm Blowfish implemented in the Java Cryptography Extension (JCE) packages (javax.crypto.*) fulfills these requirements.

By Java convention, an encryption algorithm is specified like this:

algorithmName/feedbackMode/padding

The only feedback modes allowed are:

The only padding mode allowed is NoPadding.

By default, uses the DES algorithm of DES/CBC/NoPadding.

To specify an alternate encryption algorithm when you create a database, use the encryptionAlgorithm=algorithm attribute. If the algorithm you specify is not supported by the provider you have specified, throws an exception.

To specify the AES encryption algorithm with a key length other than the default of 128, specify the encryptionKeyLength=length attribute. For example, you might specify the following connection attributes:

jdbc:derby:encdbcbc_192;create=true;dataEncryption=true; encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding; bootPassword=Thursday

To use the AES algorithm with a key length of 192 or 256, you must use unrestricted policy jar files for your JRE. You can obtain these files from your Java provider. They might have a name like "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files." If you specify a non-default key length using the default policy jar files, a Java exception occurs.