Posted to derby-commits@db.apache.org by ch...@apache.org on 2012/10/08 17:58:56 UTC

svn commit: r1395632 - /db/derby/docs/branches/10.9/src/devguide/

Author: chaase3
Date: Mon Oct  8 15:58:56 2012
New Revision: 1395632

URL: http://svn.apache.org/viewvc?rev=1395632&view=rev
Log:
DERBY-1721  DOCS - Remove duplicate information in Dev Guide re: Encryption

Merged DERBY-1721-2.diff to 10.9 docs branch from trunk revision 1395617.

Removed:
    db/derby/docs/branches/10.9/src/devguide/tdevdvlp14496.dita
    db/derby/docs/branches/10.9/src/devguide/tdevdvlp40140.dita
    db/derby/docs/branches/10.9/src/devguide/tdevdvlpcreateencryptdbextkey.dita
Modified:
    db/derby/docs/branches/10.9/src/devguide/cdevcsecure24366.dita
    db/derby/docs/branches/10.9/src/devguide/cdevcsecure31493.dita
    db/derby/docs/branches/10.9/src/devguide/cdevcsecure60146.dita
    db/derby/docs/branches/10.9/src/devguide/cdevcsecure67151.dita
    db/derby/docs/branches/10.9/src/devguide/cdevcsecure866716.dita
    db/derby/docs/branches/10.9/src/devguide/cdevcsecure88690.dita
    db/derby/docs/branches/10.9/src/devguide/cdevcsecure96815.dita
    db/derby/docs/branches/10.9/src/devguide/cdevdvlp51654.dita
    db/derby/docs/branches/10.9/src/devguide/derbydev.ditamap
    db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewbootpw.dita
    db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewextkey.dita
    db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewkeyoverview.dita
    db/derby/docs/branches/10.9/src/devguide/tdevcsecureunencrypteddb.dita

Modified: db/derby/docs/branches/10.9/src/devguide/cdevcsecure24366.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevcsecure24366.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevcsecure24366.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevcsecure24366.dita Mon Oct  8 15:58:56 2012
@@ -37,7 +37,8 @@ are platform-independent files that are 
 number of ways, including transport over the Internet. Recipients of the data
 might not know how, or might not have the means, to properly protect the data.</p>
 <p>This data encryption feature provides the ability to store user data in
-an encrypted form. The user who boots the database must provide a boot password.</p>
+an encrypted form. The user who boots the database must provide a boot password
+or encryption key.</p>
 <note>Jar files stored in the database are not encrypted.</note>
 </conbody>
 </concept>

Modified: db/derby/docs/branches/10.9/src/devguide/cdevcsecure31493.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevcsecure31493.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevcsecure31493.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevcsecure31493.dita Mon Oct  8 15:58:56 2012
@@ -21,7 +21,7 @@ limitations under the License.
 <concept id="cdevcsecure31493" xml:lang="en-us">
 <title>Specifying an alternate encryption provider</title>
 <shortdesc>You can specify an alternate provider when you create the database
-with the <codeph><i>encryptionProvider=providerName</i></codeph> attribute.</shortdesc>
+with the <i>encryptionProvider=providerName</i> attribute.</shortdesc>
 <prolog><metadata>
 <keywords><indexterm>Encryption providers<indexterm>configuring</indexterm></indexterm>
 </keywords>
@@ -29,20 +29,18 @@ with the <codeph><i>encryptionProvider=p
 <conbody>
 <p>You must specify the full package and class name of the provider, and you
 must also add the libraries to the application's classpath.</p>
-<!-- I assume to use jce_jdk13-10b4.zip here is ok since it's an example. Bernt -->
-<codeblock><b>-- using the the provider library jce_jdk13-10b4.zip|
+<codeblock><b>-- using the the provider library bcprov-jdk15on-147.jar
 -- available from www.bouncycastle.org</b>
 jdbc:derby:encryptedDB3;create=true;dataEncryption=true;
 bootPassword=clo760uds2caPe;
 encryptionProvider=org.bouncycastle.jce.provider.BouncyCastleProvider;
 encryptionAlgorithm=DES/CBC/NoPadding
 
-<b>-- using a provider
--- available from
--- http://jcewww.iaik.tu-graz.ac.at/download.html</b>
+<b>-- using a provider available from
+-- http://jce.iaik.tugraz.at/sic/Download</b>
 jdbc:derby:encryptedDB3;create=true;dataEncryption=true;
 bootPassword=clo760uds2caPe;
-encryptionProvider=iaik.security.provider.IAIK;encryptionAlgorithm=
-DES/CBC/NoPadding</codeblock>
+encryptionProvider=iaik.security.provider.IAIK;
+encryptionAlgorithm=DES/CBC/NoPadding</codeblock>
 </conbody>
 </concept>
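
Review bot: the added comment line `-- using the the provider library bcprov-jdk15on-147.jar` keeps the doubled "the the" from the line it replaces; since the line is being rewritten anyway, drop the duplicate. Both URLs in this codeblock also still show `encryptionAlgorithm=DES/CBC/NoPadding`. DES is a weak algorithm to model in a provider example, so consider switching these to `AES/CBC/NoPadding`, which the guide already uses in its flintstone and encdbcbc_192 examples.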

Modified: db/derby/docs/branches/10.9/src/devguide/cdevcsecure60146.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevcsecure60146.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevcsecure60146.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevcsecure60146.dita Mon Oct  8 15:58:56 2012
@@ -19,10 +19,10 @@ limitations under the License.
 -->
 <concept id="cdevcsecure60146" xml:lang="en-us">
 <title>Booting an encrypted database</title>
-<shortdesc>If you create an encrypted database using the <i>bootPassword</i> attribute,
-you must specify the boot password to reboot the database. If you create an
-encrypted database using the <i>encryptionKey</i> attribute, you must specify
-the <i>encryptionKey</i> to reboot the database.</shortdesc>
+<shortdesc>If you create an encrypted database using the <i>bootPassword=key</i>
+attribute, you must specify the boot password to reboot the database. If you
+create an encrypted database using the <i>encryptionKey=key</i> attribute, you
+must specify the encryption key to reboot the database.</shortdesc>
 <prolog><metadata>
 <keywords><indexterm>encrypted databases<indexterm>booting</indexterm></indexterm>
 </keywords>
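
Review bot: the new shortdesc writes the boot password attribute as `bootPassword=key`, the same placeholder it uses for `encryptionKey=key`, although the sentence itself calls the value a boot password and the re-encryption topics in this commit use `newBootPassword=newPassword`. A distinct placeholder such as `bootPassword=password` would keep readers from treating a passphrase and a raw key as interchangeable; if `key` is intentional, use the same convention for `newBootPassword`.
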
@@ -30,20 +30,21 @@ the <i>encryptionKey</i> to reboot the d
 <conbody>
 <p>Encrypted databases cannot be booted automatically along with all other
 system databases on system startup (see "<i>derby.system.bootAll</i>" in the
-<ph conref="../conrefs.dita#pub/citref"></ph>). Instead, you boot encrypted
-databases when you first connect to the database.</p>
+<ph conref="../conrefs.dita#pub/citref"></ph>). Instead, you boot an encrypted
+database when you first connect to the database.</p>
 <p><dl><dlentry>
-<dt>Booting a database with the <i>bootPassword</i> attribute</dt>
+<dt>Booting a database with the <i>bootPassword=key</i> attribute</dt>
 <dd>To access an encrypted database called <codeph>wombat</codeph> that was
 created with the boot password <codeph>clo760uds2caPe</codeph>, use the following
 connection URL:<codeblock>jdbc:derby:wombat;bootPassword=clo760uds2caPe</codeblock></dd>
 </dlentry><dlentry>
-<dt>Booting a database with the <i>encryptionKey</i> attribute</dt>
+<dt>Booting a database with the <i>encryptionKey=key</i> attribute</dt>
 <dd>To access an encrypted database called <codeph>flintstone</codeph> that
-was created with the <codeph>encryptionKey=c566bab9ee8b62a5ddb4d9229224c678</codeph> and
-with the <codeph>encryptionAlgorithm=AES/CBC/NoPadding</codeph>, use the following
-connection URL:   <codeblock>jdbc:derby:flintstone;encryptionAlgorithm=AES/CBC/NoPadding;
-encryptionKey=c566bab9ee8b62a5ddb4d9229224c678  </codeblock></dd>
+was created with the attributes
+<codeph>encryptionKey=c566bab9ee8b62a5ddb4d9229224c678</codeph> and
+<codeph>encryptionAlgorithm=AES/CBC/NoPadding</codeph>, use the following
+connection URL:
+<codeblock>jdbc:derby:flintstone;encryptionKey=c566bab9ee8b62a5ddb4d9229224c678</codeblock></dd>
 </dlentry></dl></p>
 <p>After the database is booted, all connections can access the database without
 the boot password. Only a connection that boots the database requires the
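
Review bot: the rewritten flintstone entry says the database was created with both `encryptionKey=c566bab9ee8b62a5ddb4d9229224c678` and `encryptionAlgorithm=AES/CBC/NoPadding`, but the boot URL now passes only `encryptionKey`, and nothing in the entry explains why the algorithm can be left out. If the algorithm does not have to be repeated at boot, add a sentence saying so; otherwise restore it in the URL. The closing paragraph also still reads "without the boot password", which does not cover a database booted with an encryption key.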

Modified: db/derby/docs/branches/10.9/src/devguide/cdevcsecure67151.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevcsecure67151.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevcsecure67151.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevcsecure67151.dita Mon Oct  8 15:58:56 2012
@@ -59,8 +59,8 @@ the <i>encryptionAlgorithm=algorithm</i>
 is not supported by the provider you have specified, <ph conref="../conrefs.dita#prod/productshortname"></ph> throws
 an exception.</p>
 <p>To specify the AES encryption algorithm with a key length other than the
-default of 128, specify the <i>encryptionKeyLength</i> attribute. For example,
-you might specify the following connection attributes:</p>
+default of 128, specify the <i>encryptionKeyLength=length</i> attribute. For
+example, you might specify the following connection attributes:</p>
 <codeblock>
 jdbc:derby:encdbcbc_192;create=true;dataEncryption=true;
 encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding;

Modified: db/derby/docs/branches/10.9/src/devguide/cdevcsecure866716.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevcsecure866716.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevcsecure866716.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevcsecure866716.dita Mon Oct  8 15:58:56 2012
@@ -19,9 +19,10 @@ See the License for the specific languag
 limitations under the License.
 -->
 <concept id="cdevcsecure866716" xml:lang="en-us">
-<title>Creating the boot password</title>
-<shortdesc>When you encrypt a database you must also specify a boot password,
-which is an alpha-numeric string used to generate the encryption key.</shortdesc>
+<title>Creating a boot password</title>
+<shortdesc>When you encrypt a database you usually specify a boot password,
+which is an alphanumeric string used to generate the encryption key. (You can
+also specify an encryption key directly.)</shortdesc>
 <prolog></prolog>
 <conbody>
 <p>The length of the encryption key depends on the algorithm used:</p>
@@ -36,14 +37,15 @@ of bytes in the encryption key (56 bits=
 bytes). The minimum number of characters for the boot password allowed by <ph
 conref="../conrefs.dita#prod/productshortname"></ph> is eight.</note>
 <p>It is a good idea not to use words that would be easily guessed, such as
-a login name or simple words or numbers. A <i>bootPassword</i>, like any password,
-should be a mix of numbers and upper- and lowercase letters.</p>
+a login name or simple words or numbers. A boot password, like any password,
+should be a mix of numbers and uppercase and lowercase letters.</p>
 <p>You turn on and configure encryption and specify the corresponding boot
 password on the connection URL for a database when you create it:</p>
 <codeblock>jdbc:derby:encryptionDB1;create=true;dataEncryption=true;
-    bootPassword=clo760uds2caPe</codeblock>
-<note>If you lose the <i>bootPassword</i> and the database is not currently
+bootPassword=clo760uds2caPe</codeblock>
+<note>If you lose the boot password and the database is not currently
 booted, you will not be able to connect to the database anymore. (If you know
-the current <i>bootPassword</i>, you can change it. See <xref href="tdevcsecurenewkeyoverview.dita"></xref>.)</note>
+the current boot password, you can change it. See
+<xref href="tdevcsecurenewkeyoverview.dita"></xref>.)</note>
 </conbody>
 </concept>

Modified: db/derby/docs/branches/10.9/src/devguide/cdevcsecure88690.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevcsecure88690.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevcsecure88690.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevcsecure88690.dita Mon Oct  8 15:58:56 2012
@@ -20,23 +20,35 @@ limitations under the License.
 -->
 <concept id="cdevcsecure88690" xml:lang="en-us">
 <title>Encrypting databases on creation</title>
-<shortdesc>You configure a <ph conref="../conrefs.dita#prod/productshortname"></ph> database
-for encryption when you create the database by specifying the <i>dataEncryption=true</i> attribute
-on the connection URL.</shortdesc>
+<shortdesc>You configure a
+<ph conref="../conrefs.dita#prod/productshortname"></ph> database for encryption
+when you create the database by specifying attributes on the connection URL.</shortdesc>
 <prolog><metadata>
 <keywords><indexterm>encrypting databases<indexterm>on creation</indexterm></indexterm>
 <indexterm>databases<indexterm>encrypting, on creation</indexterm></indexterm>
 </keywords>
 </metadata></prolog>
 <conbody>
-<p> The Java Runtime Environment (JRE) determines the default encryption provider,
-as follows:</p>
 <ul>
-<li>For J2SE/J2EE 1.4 or higher, the JRE's provider is the default.</li>
-<li>If your environment for some reason does not include a provider, it must be specified.</li> 
+<li>To enable encryption, use the <i>dataEncryption=true</i> attribute.</li>
+<li>To provide a key for the encryption, specify either the
+<i>bootPassword=key</i> attribute or the <i>encryptionKey=key</i>
+attribute.</li>
 </ul>
-<p>You have the option of specifying an alternate encryption provider. The
-default encryption algorithm is DES, but you have the option of specifying
-an alternate algorithm as well. See <xref href="cdevcsecure31493.dita#cdevcsecure31493"></xref></p>
+<p>The following connection URL specifies a boot password:</p>
+<codeblock>jdbc:derby:encryptedDB;create=true;dataEncryption=true;
+bootPassword=DBpassword</codeblock>
+<p>The following URL specifies an encryption key:
+<codeblock>jdbc:derby:encryptedDB;create=true;dataEncryption=true;
+encryptionKey=6162636465666768</codeblock></p>
+<p>The default encryption algorithm is DES.</p>
+<p>You can specify an encryption provider and/or encryption algorithm
+other than the defaults by using the <i>encryptionProvider=providerName</i> and
+<i>encryptionAlgorithm=algorithm</i> attributes. See
+<xref href="cdevcsecure31493.dita#cdevcsecure31493"></xref> and
+<xref href="cdevcsecure67151.dita#cdevcsecure67151"></xref> for more
+information.</p>
+<p>See the <ph conref="../conrefs.dita#pub/citref"></ph> for details on the
+connection URL attributes.</p>
 </conbody>
 </concept>
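
Review bot: the encryption-key example nests its `<codeblock>` inside the paragraph (`<p>The following URL specifies an encryption key:` ... `</codeblock></p>`), while the boot-password example directly above closes the `<p>` before the `<codeblock>`; use one form for both and say "connection URL" in both lead-ins. Because the next paragraph states that the default algorithm is DES, it would also help to say that the sample key `6162636465666768` is 8 bytes, which fits that default but not AES, and to point to cdevcsecure866716 for key lengths.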

Modified: db/derby/docs/branches/10.9/src/devguide/cdevcsecure96815.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevcsecure96815.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevcsecure96815.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevcsecure96815.dita Mon Oct  8 15:58:56 2012
@@ -28,12 +28,18 @@ limitations under the License.
 <p>
 <ph conref="../conrefs.dita#prod/productshortname"></ph> supports disk
 encryption and requires an encryption provider. An encryption provider
-implements the Java cryptography concepts. The JRE for Java SE 1.4 and
-higher includes Java Cryptographic Extensions (JCE, part of the
+implements the Java cryptography concepts. The Java Runtime Environment (JRE)
+for Java SE includes Java Cryptographic Extensions (JCE, part of the
 Java Cryptography Architecture) and one or more default encryption providers.
 For more information, see the <i><xref format="html"
 href="http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html"
 scope="external">Java Cryptography Architecture (JCA) Reference Guide</xref></i>.
 </p>
+<p> The JRE determines the default encryption provider as follows:</p>
+<ul>
+<li>The JRE's provider is the default.</li>
+<li>If your environment for some reason does not include a provider, it must be
+specified.</li>
+</ul>
 </conbody>
 </concept>
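
Review bot: the added list under "The JRE determines the default encryption provider as follows:" no longer describes a choice. With the version qualifier removed, its first item reads "The JRE's provider is the default", which only restates the lead-in. Fold the two items into a single sentence (the JRE's provider is used by default; a provider must be specified if the environment does not include one) and drop the stray space after `<p>`.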

Modified: db/derby/docs/branches/10.9/src/devguide/cdevdvlp51654.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/cdevdvlp51654.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/cdevdvlp51654.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/cdevdvlp51654.dita Mon Oct  8 15:58:56 2012
@@ -38,6 +38,16 @@ If you specify any attributes both on th
 <i>Properties</i> object, the attributes on the connection URL override the
 attributes in the <i>Properties</i> object.</p>
 <p>All attributes are optional. </p>
+<p>For more information on working with connection URL attributes, see the
+following:
+<ul>
+<li><xref href="cdevcsecure24366.dita#cdevcsecure24366"></xref> for information
+on database encryption</li>
+<li><ph conref="../conrefs.dita#pub/citadmin"></ph> for information on tracing
+network clients, replicating databases, restoring databases from backup, and
+logging on separate devices</li>
+</ul>
+</p>
 <p>For complete information about the attributes, see "Setting attributes for
 the database connection URL" in the
 <ph conref="../conrefs.dita#pub/citref"></ph>.</p>

Modified: db/derby/docs/branches/10.9/src/devguide/derbydev.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/derbydev.ditamap?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/derbydev.ditamap (original)
+++ db/derby/docs/branches/10.9/src/devguide/derbydev.ditamap Mon Oct  8 15:58:56 2012
@@ -292,10 +292,6 @@ limitations under the License.
 </topicref>
 <topicref href="tdevdvlp12233.dita" navtitle="Providing a user name and password">
 </topicref>
-<topicref href="tdevdvlp14496.dita" navtitle="Encrypting a database when you create it">
-</topicref>
-<topicref href="tdevdvlp40140.dita" navtitle="Booting an encrypted database">
-</topicref>
 <topicref href="tdevdvlp36289.dita" navtitle="Specifying attributes in a properties object">
 </topicref>
 </relcell>
@@ -308,10 +304,6 @@ limitations under the License.
 <relcell>
 <topicref href="tdevdvlp12233.dita" navtitle="Providing a user name and password">
 </topicref>
-<topicref href="tdevdvlp14496.dita" navtitle="Encrypting a database when you create it">
-</topicref>
-<topicref href="tdevdvlp40140.dita" navtitle="Booting an encrypted database">
-</topicref>
 <topicref href="tdevdvlp36289.dita" navtitle="Specifying attributes in a properties object">
 </topicref>
 </relcell>
@@ -328,40 +320,6 @@ limitations under the License.
 </relrow>
 <relrow>
 <relcell>
-<topicref href="tdevdvlp14496.dita" navtitle="Encrypting a database when you create it">
-</topicref>
-</relcell>
-<relcell>
-<topicref href="tdevdvlp40140.dita" navtitle="Booting an encrypted database">
-</topicref>
-<topicref href="cdevcsecure24366.dita" navtitle="Encrypting databases on disk">
-</topicref>
-</relcell>
-</relrow>
-<relrow>
-<relcell>
-<topicref href="tdevdvlpcreateencryptdbextkey.dita" navtitle="Creating an encrypted database with an external key">
-</topicref>
-</relcell>
-<relcell>
-<topicref href="tdevdvlp40140.dita" navtitle="Booting an encrypted database">
-</topicref>
-<topicref href="tdevdvlp14496.dita" navtitle="Encrypting a database when you create it">
-</topicref>
-</relcell>
-</relrow>
-<relrow>
-<relcell>
-<topicref href="tdevdvlp40140.dita" navtitle="Booting an encrypted database">
-</topicref>
-</relcell>
-<relcell>
-<topicref href="cdevcsecure24366.dita" navtitle="Encrypting databases on disk">
-</topicref>
-</relcell>
-</relrow>
-<relrow>
-<relcell>
 <topicref href="cdevstart16043.dita" navtitle="The installation directory">
 </topicref>
 </relcell>
@@ -1420,7 +1378,7 @@ limitations under the License.
 </topicref>
 </relcell>
 <relcell>
-<topicref href="cdevcsecure866716.dita" navtitle="Creating the boot password">
+<topicref href="cdevcsecure866716.dita" navtitle="Creating a boot password">
 </topicref>
 <topicref href="cdevcsecure60146.dita" navtitle="Booting an encrypted database">
 </topicref>
@@ -1773,12 +1731,6 @@ limitations under the License.
 </topicref>
 <topicref href="tdevdvlpcollation.dita" navtitle="Creating a database with territory-based collation">
 </topicref>
-<topicref href="tdevdvlp14496.dita" navtitle="Encrypting a database when you create it">
-</topicref>
-<topicref href="tdevdvlpcreateencryptdbextkey.dita" navtitle="Creating an encrypted database with an external key">
-</topicref>
-<topicref href="tdevdvlp40140.dita" navtitle="Booting an encrypted database">
-</topicref>
 <topicref href="tdevdvlp36289.dita" navtitle="Specifying attributes in a properties object">
 </topicref>
 </topicref>

Modified: db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewbootpw.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewbootpw.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewbootpw.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewbootpw.dita Mon Oct  8 15:58:56 2012
@@ -21,8 +21,8 @@ limitations under the License.
 <task id="tdevcsecurenewbootpw" xml:lang="en-us">
 <title>Encrypting databases with a new boot password</title>
 <shortdesc>You can apply a new boot password to a <ph conref="../conrefs.dita#prod/productshortname"></ph> database
-by specifying the <i>newBootPassword</i> attribute on the connection URL when
-you boot the database.</shortdesc>
+by specifying the <i>newBootPassword=newPassword</i> attribute on the connection
+URL when you boot the database.</shortdesc>
 <prolog><metadata>
 <keywords><indexterm>encrypting databases<indexterm>new boot password</indexterm></indexterm>
 <indexterm>databases<indexterm>encrypting, new boot password</indexterm></indexterm>
@@ -33,23 +33,26 @@ you boot the database.</shortdesc>
 <li>If the database is configured with log archival for roll-forward recovery,
 you must disable log archival and perform a shutdown before you can encrypt
 the database with a new boot password. </li>
-<li>If there are any global transaction that are in the prepared state after
+<li>If any global transactions are in the prepared state after
 recovery, the database cannot be encrypted with a new boot password.</li>
 <li>If the database is currently encrypted with an external encryption key,
-you should use the <xref href="tdevcsecurenewextkey.dita#tdevcsecurenewextkey"><i>newEncryptionKey</i></xref> attribute
-to encrypt the database.</li>
+<xref href="tdevcsecurenewextkey.dita#tdevcsecurenewextkey">use the
+<i>newEncryptionKey=key</i> attribute</xref> to encrypt the database.</li>
 </ul></prereq>
-<context><p>When you use the <i>newBootPassword</i> attribute, a new encryption
-key is generated internally by the engine and the key is protected using the
-new boot password. The newly generated encryption key encrypts the database,
+<context><p>When you use the <i>newBootPassword=newPassword</i> attribute, a new
+encryption key is generated internally by the engine, and the key is protected
+using the new boot password. The newly generated encryption key encrypts the database,
 including the existing data. You cannot change the encryption provider or
 encryption algorithm when you apply a new boot password.</p><p>To encrypt
 a database  with a new boot password:</p></context>
 <steps>
-<step><cmd>Specify the <i>newBootPassword</i> attribute in a URL and reboot
-the database.</cmd><stepxmp>For example, when the following URL is used when
-the <codeph>salesdb</codeph> database is rebooted, the database is encrypted
-with the new encryption key, and is protected by the password new1234xyz:<codeblock> jdbc:derby:salesdb;bootPassword=abc1234xyz;newBootPassword=new1234xyz</codeblock
+<step><cmd>Specify the <i>newBootPassword=newPassword</i> attribute in a URL and
+reboot the database.</cmd>
+<stepxmp>For example, if you use the following URL to reboot
+the <codeph>salesdb</codeph> database, the database is encrypted
+with the new encryption key and is protected by the password
+<codeph>new1234xyz</codeph>:
+<codeblock>jdbc:derby:salesdb;bootPassword=abc1234xyz;newBootPassword=new1234xyz</codeblock
 ></stepxmp>
   <info>
     <p>
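
Review bot: the example in the added `<stepxmp>` still ends with its closing tag split across two lines (`</codeblock` followed by `>` on the next line), while the matching cleanup in tdevcsecurenewextkey.dita in this same commit writes `</codeblock>` on one line. Close it the same way here so the two task topics stay consistent.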

Modified: db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewextkey.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewextkey.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewextkey.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewextkey.dita Mon Oct  8 15:58:56 2012
@@ -21,7 +21,7 @@ limitations under the License.
 <task id="tdevcsecurenewextkey" xml:lang="en-us">
 <title>Encrypting databases with a new external encryption key</title>
 <shortdesc>You can apply a new external encryption key to a <ph conref="../conrefs.dita#prod/productshortname"></ph> database
-by specifying the <i>newEncryptionKey</i> attribute on the connection URL
+by specifying the <i>newEncryptionKey=key</i> attribute on the connection URL
 when you boot the database.</shortdesc>
 <prolog><metadata>
 <keywords><indexterm>encrypting databases<indexterm>new external key</indexterm></indexterm>
@@ -33,19 +33,22 @@ when you boot the database.</shortdesc>
 <li>If the database is configured with log archival for roll-forward recovery,
 you must disable log archival and perform a shutdown before you can encrypt
 the database with a new external encryption key. </li>
-<li>If there are any global transaction that are in the prepared state after
+<li>If any global transaction are in the prepared state after
 recovery, the database cannot be encrypted with a new encryption key.</li>
-<li>If the database is currently encrypted with a boot password , you should
-use the <xref href="tdevcsecurenewbootpw.dita#tdevcsecurenewbootpw"><i>newBootPassword</i></xref> attribute
-to encrypt the database.</li>
+<li>If the database is currently encrypted with a boot password,
+<xref href="tdevcsecurenewbootpw.dita#tdevcsecurenewbootpw">use the
+<i>newBootPassword=newPassword</i> attribute</xref> to encrypt the
+database.</li>
 </ul></prereq>
 <context><p>To encrypt a database with a new external encryption key:</p></context>
 <steps>
-<step><cmd>Specify the <i>newEncryptionKey</i> attribute in a URL and reboot
-the database.</cmd><stepxmp>For example, when the following URL is used when
-the <codeph>salesdb</codeph> database is rebooted, the database is encrypted
-with the new encryption key 6862636465666768:<codeblock>jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768'</codeblock
-></stepxmp>
+<step><cmd>Specify the <i>newEncryptionKey=key</i> attribute in a URL and reboot
+the database.</cmd><stepxmp>For example, if you use the following URL to reboot
+the <codeph>salesdb</codeph> database, the database is encrypted
+with the new encryption key <codeph>6862636465666768</codeph>:
+<codeblock>jdbc:derby:salesdb;encryptionKey=6162636465666768;
+newEncryptionKey=6862636465666768'</codeblock>
+</stepxmp>
 <info>
   <p>
   If <xref href="cdevcsecure36127.dita#cdevcsecure36127">authentication</xref>
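
Review bot: the example URL on the added lines still ends with a stray apostrophe (`newEncryptionKey=6862636465666768'`), so anyone copying it passes a value that does not match the key named in the sentence above; remove the quote. In the prerequisites, the added item "If any global transaction are in the prepared state" should read "transactions", as the matching items in tdevcsecurenewbootpw.dita and tdevcsecureunencrypteddb.dita do.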

Modified: db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewkeyoverview.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewkeyoverview.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewkeyoverview.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/tdevcsecurenewkeyoverview.dita Mon Oct  8 15:58:56 2012
@@ -28,10 +28,10 @@ by specifying a new boot password or a n
 </keywords>
 </metadata></prolog>
 <taskbody>
-<context><p>Encrypting a database with a new encryption key is a time consuming
+<context><p>Encrypting a database with a new encryption key is a time-consuming
 process because it involves encrypting all of the existing data in the database
 with the new encryption key. If the process is interrupted before completion,
-all the changes are rolled back the next time that the database is booted.
+all the changes are rolled back the next time the database is booted.
 If the interruption occurs immediately after the database is encrypted with
 the new encryption key but before the connection is returned to the application,
 you might not be able to boot the database with the old encryption key. In
@@ -40,7 +40,7 @@ encryption key. </p><note othertype="Rec
 you have enough free disk space before you encrypt a database with a new key.
 In addition to the disk space required for the current size of the database,
 temporary disk space is required to store the old version of the data to restore
-the database back to it's original state if the new encryption is interrupted
+the database back to its original state if the new encryption is interrupted
 or returns errors. All of the temporary disk space is released back to the
 operating system after the database is reconfigured to work with the new encryption
 key.</note><p>To encrypt a database with a new encryption key:</p></context>
@@ -49,9 +49,11 @@ key.</note><p>To encrypt a database with
 database:</cmd>
 <choices>
 <choice>To <xref href="tdevcsecurenewbootpw.dita#tdevcsecurenewbootpw">encrypt
-the database with a new boot password key</xref>, use the <i>newBootPassword</i> attribute.</choice>
+the database with a new boot password key</xref>, use the
+<i>newBootPassword=newPassword</i> attribute.</choice>
 <choice>To <xref href="tdevcsecurenewextkey.dita#tdevcsecurenewextkey">encrypt
-the database with a new external encryption key</xref>, use the <i>newEncryptionKey</i> attribute.</choice>
+the database with a new external encryption key</xref>, use the
+<i>newEncryptionKey=key</i> attribute.</choice>
 </choices>
 <info>
   If <xref href="cdevcsecure36127.dita#cdevcsecure36127">authentication</xref>
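
Review bot: the first choice keeps the phrase "a new boot password key" on the rewrapped line, which blurs the distinction this commit draws elsewhere between a boot password and an encryption key. Use "a new boot password", matching the title of the task it links to and the parallel wording "a new external encryption key" in the second choice.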

Modified: db/derby/docs/branches/10.9/src/devguide/tdevcsecureunencrypteddb.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.9/src/devguide/tdevcsecureunencrypteddb.dita?rev=1395632&r1=1395631&r2=1395632&view=diff
==============================================================================
--- db/derby/docs/branches/10.9/src/devguide/tdevcsecureunencrypteddb.dita (original)
+++ db/derby/docs/branches/10.9/src/devguide/tdevcsecureunencrypteddb.dita Mon Oct  8 15:58:56 2012
@@ -32,18 +32,24 @@ The attributes that you specify depend o
 <prereq><ul>
 <li>If the database is configured with log archival, you must disable log
 archival and perform a shutdown before you can encrypt the database. </li>
-<li>If there are any global transaction that are in the prepared state after
+<li>If any global transactions are in the prepared state after
 recovery, the database cannot be encrypted.</li>
 </ul></prereq>
 <context><p>When you encrypt an existing, unencrypted database, you can specify
-whether the database should be encrypted using a boot password or an external
-encryption key.  You can also specify the <i>encryptionProvider</i> attribute
-and the <i>encryptionAlgorithm</i> attribute on the connection URL. The database
-is configure with the specified encryption attributes and all of the existing
-data in the database is encrypted. </p><p>Encrypting a database is a time
-consuming process because it involves encrypting all of the existing data
+whether the database should be encrypted using a boot password
+(<i>bootPassword=key</i>) or an external encryption key
+(<i>encryptionKey=key</i>). You can also specify the
+<i>encryptionProvider=providerName</i> attribute and the
+<i>encryptionAlgorithm=algorithm</i> attribute on the connection URL. The
+database
+is configured with the specified encryption attributes, and all of the existing
+data in the database is encrypted.</p>
+<p>See the <ph conref="../conrefs.dita#pub/citref"></ph> for details on the
+connection URL attributes.</p>
+<p>Encrypting a database is a
+time-consuming process because it involves encrypting all of the existing data
 in the database. If the process is interrupted before completion, all the
-changes are rolled back the next time that the database is booted. If the
+changes are rolled back the next time the database is booted. If the
 interruption occurs immediately after the database is encrypted but before
 the connection is returned to the application, you might not be able to boot
 the database without the boot password or external encryption key. In these
@@ -52,13 +58,14 @@ or the external encryption key. </p><not
 that you have enough free disk space before you encrypt a database. In addition
 to the disk space required for the current size of the database, temporary
 disk space is required to store the old version of the data to restore the
-database back to it's original state if the encryption is interrupted or returns
+database back to its original state if the encryption is interrupted or returns
 errors. All of the temporary disk space is released back to the operating
 system after the database is encrypted.</note><p>To encrypt an existing unencrypted
 database:</p></context>
 <steps>
-<step><cmd>Specify the <i>dataEncryption=true</i> attribute and either the <i>encryptionKey</i> attribute
-or the <i>bootPassword</i> attribute in a URL and boot the database.</cmd>
+<step><cmd>Specify the <i>dataEncryption=true</i> attribute and either the
+<i>encryptionKey=key</i> attribute or the <i>bootPassword=key</i> attribute in
+a connection URL and boot the database.</cmd>
 <stepxmp>For example, to encrypt the <codeph>salesdb</codeph> database with
 the boot password <codeph>abc1234xyz</codeph>, specify the following attributes
 in the URL:<codeblock>jdbc:derby:salesdb;dataEncryption=true;bootPassword=abc1234xyz </codeblock></stepxmp>
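
Review bot: the example at the end of this hunk still has a space between the password and the closing tag (`bootPassword=abc1234xyz </codeblock>`). Other codeblocks touched in this commit had their padding removed, and here the space sits where a copied URL could carry it into the boot password; trim it.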