Posted to derby-commits@db.apache.org by jt...@apache.org on 2006/08/30 02:18:48 UTC

svn commit: r438307 - /db/derby/docs/trunk/src/devguide/

Author: jta
Date: Tue Aug 29 17:18:47 2006
New Revision: 438307

URL: http://svn.apache.org/viewvc?rev=438307&view=rev
Log:
DERBY-1636 Update Developers Guide to document encryption of an un-encrypted 
database and re-encryption with new password/key.

Committed patch derby1636_devguide5.diff by Laura Stewart <sc...@gmail.com>.

Added:
    db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita   (with props)
    db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita   (with props)
    db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita   (with props)
    db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita   (with props)
Modified:
    db/derby/docs/trunk/src/devguide/cdevcsecure60146.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure88690.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure97760.dita
    db/derby/docs/trunk/src/devguide/derbydev.ditamap
    db/derby/docs/trunk/src/devguide/tdevdvlp14496.dita
    db/derby/docs/trunk/src/devguide/tdevdvlp40140.dita

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure60146.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure60146.dita?rev=438307&r1=438306&r2=438307&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure60146.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure60146.dita Tue Aug 29 17:18:47 2006
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
- 
 <!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
  "../dtd/concept.dtd">
 <!-- 
@@ -43,15 +42,15 @@
 <dd>To access an encrypted database called <codeph>flintstone</codeph> that
 was created with the <codeph>encryptionKey=c566bab9ee8b62a5ddb4d9229224c678</codeph> and
 with the <codeph>encryptionAlgorithm=AES/CBC/NoPadding</codeph>, use the following
-connection URL:   <codeblock>jdbc:derby:flintstone;encryptionAlgorithm=AES/CBC/NoPadding;encryptionKey=c566bab9ee8b62a5ddb4d9229224c678  </codeblock
-></dd>
+connection URL:   <codeblock>jdbc:derby:flintstone;encryptionAlgorithm=AES/CBC/NoPadding;
+encryptionKey=c566bab9ee8b62a5ddb4d9229224c678  </codeblock></dd>
 </dlentry></dl></p>
 <p>After the database is booted, all connections can access the database without
 the boot password. Only a connection that boots the database requires the
 key.</p>
 <p>For example, the following connections would boot the database and require
-the boot password or encryption key,depending on what mechanism was used to
-encrypt the database originally:<ul>
+the boot password or encryption key, depending on what mechanism was used
+to encrypt the database originally:<ul>
 <li>The first connection to the database in the JVM session</li>
 <li>The first connection to the database after the database has been explicitly
 shut down</li>
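
Review bot: the rewrapped codeblock in the dd entry now has a line break in the middle of the connection URL, after `encryptionAlgorithm=AES/CBC/NoPadding;` and before `encryptionKey=...`. codeblock content is whitespace-preserving, so the rendered example becomes a two-line URL, and a reader who pastes it gets a newline inside the attribute list. Keep the URL on a single line as it was; joining the split `</codeblock` / `>` tag does not require wrapping the content. The two trailing spaces before `</codeblock>` could be removed at the same time.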

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure88690.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure88690.dita?rev=438307&r1=438306&r2=438307&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure88690.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure88690.dita Tue Aug 29 17:18:47 2006
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-
+ 
 <!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
  "../dtd/concept.dtd">
 <!-- 
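
Review bot: the added line after the XML declaration contains a single space where the original had an empty line, so this hunk only introduces trailing whitespace. The same commit removes exactly such a line in cdevcsecure60146.dita and tdevdvlp40140.dita, so the files end up inconsistent with each other. Drop this hunk, or normalize all the touched files the same way.
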
@@ -20,12 +20,12 @@
 -->
 <concept id="cdevcsecure88690" xml:lang="en-us">
 <title>Encrypting databases on creation</title>
-<shortdesc><ph conref="devconrefs.dita#prod/productshortname"></ph> allows
-you to configure a database for encryption when you create it. To do so, you
-specify <i>dataEncryption=true</i> on the connection URL.</shortdesc>
+<shortdesc>You configure a <ph conref="devconrefs.dita#prod/productshortname"></ph> database
+for encryption when you create the database by specifying the <i>dataEncryption=true</i> attribute
+on the connection URL.</shortdesc>
 <prolog><metadata>
-<keywords><indexterm>Encrypted databases<indexterm>creating</indexterm></indexterm>
-<indexterm>Data encryption<indexterm>configuring</indexterm></indexterm><indexterm>Encryption<indexterm>configuring</indexterm></indexterm>
+<keywords><indexterm>encrypting databases<indexterm>on creation</indexterm></indexterm>
+<indexterm>databases<indexterm>encrypting, on creation</indexterm></indexterm>
 </keywords>
 </metadata></prolog>
 <conbody>

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure97760.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure97760.dita?rev=438307&r1=438306&r2=438307&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure97760.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure97760.dita Tue Aug 29 17:18:47 2006
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-
+ 
 <!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
  "../dtd/concept.dtd">
 <!-- 
@@ -22,7 +22,7 @@
 <title>Working with encryption</title>
 <shortdesc>This section describes using encryption in <ph conref="devconrefs.dita#prod/productshortname"></ph>.</shortdesc>
 <prolog><metadata>
-<keywords><indexterm>Encryption<indexterm>working with</indexterm></indexterm>
+<keywords><indexterm>encryption<indexterm>working with</indexterm></indexterm>
 </keywords>
 </metadata></prolog>
 <conbody></conbody>

Modified: db/derby/docs/trunk/src/devguide/derbydev.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/derbydev.ditamap?rev=438307&r1=438306&r2=438307&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/derbydev.ditamap (original)
+++ db/derby/docs/trunk/src/devguide/derbydev.ditamap Tue Aug 29 17:18:47 2006
@@ -29,6 +29,7 @@
 <vrmlist><vrm version="10.2"/></vrmlist>
 <brand>Apache Derby</brand></prodinfo>
 </topicmeta>
+<!--YOU MUST ADD THE NEW TOPIC TO THE RELTABLE (FOR RELATED LINKS) AND TO THE TOPICREF LIST BELOW THE RELTABLE (TO APPEAR IN THE BOOK TOC AND PDF)-->
 <reltable>
 <relrow>
 <relcell>
@@ -1602,6 +1603,18 @@
 </relrow>
 <relrow>
 <relcell>
+<topicref href="tdevcsecureunencrypteddb.dita" navtitle="Encrypting an existing unencrypted database">
+</topicref>
+</relcell>
+<relcell>
+<topicref href="cdevcsecure60146.dita" navtitle="Booting an encrypted database">
+</topicref>
+<topicref href="cdevcsecure96815.dita" navtitle="Requirements for Derby encryption">
+</topicref>
+</relcell>
+</relrow>
+<relrow>
+<relcell>
 <topicref href="cdevcsecure866716.dita" navtitle="Creating the boot password">
 </topicref>
 </relcell>
@@ -1634,6 +1647,48 @@
 </relrow>
 <relrow>
 <relcell>
+<topicref href="tdevcsecurenewkeyoverview.dita" navtitle="Encrypting databases with a new key">
+</topicref>
+</relcell>
+<relcell>
+<topicref href="tdevcsecureunencrypteddb.dita" navtitle="Encrypting an existing unencrypted database">
+</topicref>
+<topicref href="cdevcsecure88690.dita" navtitle="Encrypting databases on creation">
+</topicref>
+<topicref href="cdevcsecure96815.dita" navtitle="Requirements for Derby encryption">
+</topicref>
+</relcell>
+</relrow>
+<relrow>
+<relcell>
+<topicref href="tdevcsecurenewbootpw.dita" navtitle="Encrypting databases with a new boot password">
+</topicref>
+</relcell>
+<relcell>
+<topicref href="cdevcsecure60146.dita" navtitle="Booting an encrypted database">
+</topicref>
+<topicref href="tdevcsecurenewextkey.dita" navtitle="Encrypting databases with a new external key">
+</topicref>
+<topicref href="cdevcsecure96815.dita" navtitle="Requirements for Derby encryption">
+</topicref>
+</relcell>
+</relrow>
+<relrow>
+<relcell>
+<topicref href="tdevcsecurenewextkey.dita" navtitle="Encrypting databases with a new external key">
+</topicref>
+</relcell>
+<relcell>
+<topicref href="tdevcsecurenewbootpw.dita" navtitle="Encrypting databases with a new boot password">
+</topicref>
+<topicref href="cdevcsecure60146.dita" navtitle="Booting an encrypted database">
+</topicref>
+<topicref href="cdevcsecure96815.dita" navtitle="Requirements for Derby encryption">
+</topicref>
+</relcell>
+</relrow>
+<relrow>
+<relcell>
 <topicref href="cdevcsecure96815.dita" navtitle="Requirements for Derby encryption">
 </topicref>
 </relcell>
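
Review bot: the navtitle used for tdevcsecurenewextkey.dita in these rows, "Encrypting databases with a new external key", does not match the title in the topic added by this commit, "Encrypting databases with a new external encryption key". Align the navtitle and the topic title so the TOC entry and the related links read the same as the page heading. The same navtitle is repeated in the topicref list further down and needs the same change.
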
@@ -2370,10 +2425,18 @@
 <topicref href="cdevcsecure97760.dita" navtitle="Working with encryption">
 <topicref href="cdevcsecure88690.dita" navtitle="Encrypting databases on creation">
 </topicref>
+<topicref href="tdevcsecureunencrypteddb.dita" navtitle="Encrypting an existing unencrypted database">
+</topicref>
 <topicref href="cdevcsecure866716.dita" navtitle="Creating the boot password">
 <topicref href="cdevcsecure31493.dita" navtitle="Specifying an alternate encryption provider">
 </topicref>
 <topicref href="cdevcsecure67151.dita" navtitle="Specifying an alternate encryption algorithm">
+</topicref>
+</topicref>
+<topicref href="tdevcsecurenewkeyoverview.dita" navtitle="Encrypting databases with a new key">
+<topicref href="tdevcsecurenewbootpw.dita" linking="sourceonly" navtitle="Encrypting databases with a new boot password">
+</topicref>
+<topicref href="tdevcsecurenewextkey.dita" linking="sourceonly" navtitle="Encrypting databases with a new external key">
 </topicref>
 </topicref>
 <topicref href="cdevcsecure60146.dita" navtitle="Booting an encrypted database">

Added: db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita?rev=438307&view=auto
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita (added)
+++ db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita Tue Aug 29 17:18:47 2006
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+ 
+<!DOCTYPE task PUBLIC "-//OASIS//DTD DITA Task//EN"
+ "../dtd/task.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<task id="tdevcsecurenewbootpw" xml:lang="en-us">
+<title>Encrypting databases with a new boot password</title>
+<shortdesc>You can apply a new boot password to a <ph conref="devconrefs.dita#prod/productshortname"></ph> database
+by specifying the <i>newBootPassword</i> attribute on the connection URL when
+you boot the database.</shortdesc>
+<prolog><metadata>
+<keywords><indexterm>encrypting databases<indexterm>new boot password</indexterm></indexterm>
+<indexterm>databases<indexterm>encrypting, new boot password</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<taskbody>
+<prereq><ul>
+<li>If the database is configured with log archival for roll-forward recovery,
+you must disable log archival and perform a shutdown before you can encrypt
+the database with a new boot password. </li>
+<li>If there are any global transaction that are in the prepared state after
+recovery, the database cannot be encrypted with a new boot password.</li>
+<li>If the database is currently encrypted with an external encryption key,
+you should use the <xref href="tdevcsecurenewextkey.dita#tdevcsecurenewextkey"><i>newEncryptionKey</i></xref> attribute
+to encrypt the database.</li>
+</ul></prereq>
+<context><p>When you use the <i>newBootPassword</i> attribute, a new encryption
+key is generated internally by the engine and the key is protected using the
+new boot password. The newly generated encryption key encrypts the database,
+including the existing data. You cannot change the encryption provider or
+encryption algorithm when you apply a new boot password.</p><p>To encrypt
+a database  with a new boot password:</p></context>
+<steps>
+<step><cmd>Specify the <i>newBootPassword</i> attribute in a URL and reboot
+the database.</cmd><stepxmp>For example, when the following URL is used when
+the <codeph>salesdb</codeph> database is rebooted, the database is encrypted
+with the new encryption key, and is protected by the password new1234xyz:<codeblock> jdbc:derby:salesdb;bootPassword=abc1234xyz;newBootPassword=new1234xyz</codeblock
+></stepxmp><info>If you disabled log archival before you applied the new boot
+password, create a new backup of the database after the database is reconfigured
+with new the boot password.<p></p></info></step>
+</steps>
+</taskbody>
+</task>
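
Review bot: in the step's info element, "reconfigured with new the boot password" should read "with the new boot password", and the empty `<p></p>` that follows it can be dropped. In the prereq list, "any global transaction that are" should be "any global transactions that are". The codeblock starts with a space before `jdbc:derby:salesdb` and its closing tag is split over two lines (`</codeblock` / `>`); codeblock preserves whitespace, so remove the leading space and join the tag. The sample password new1234xyz in the stepxmp sentence should be in codeph like the database name.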

Propchange: db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita?rev=438307&view=auto
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita (added)
+++ db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita Tue Aug 29 17:18:47 2006
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+ 
+<!DOCTYPE task PUBLIC "-//OASIS//DTD DITA Task//EN"
+ "../dtd/task.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<task id="tdevcsecurenewextkey" xml:lang="en-us">
+<title>Encrypting databases with a new external encryption key</title>
+<shortdesc>You can apply a new external encryption key to a <ph conref="devconrefs.dita#prod/productshortname"></ph> database
+by specifying the <i>newEncryptionKey</i> attribute on the connection URL
+when you boot the database.</shortdesc>
+<prolog><metadata>
+<keywords><indexterm>encrypting databases<indexterm>new external key</indexterm></indexterm>
+<indexterm>databases<indexterm>encrypting, new external key</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<taskbody>
+<prereq><ul>
+<li>If the database is configured with log archival for roll-forward recovery,
+you must disable log archival and perform a shutdown before you can encrypt
+the database with a new external encryption key. </li>
+<li>If there are any global transaction that are in the prepared state after
+recovery, the database cannot be encrypted with a new encryption key.</li>
+<li>If the database is currently encrypted with a boot password , you should
+use the <xref href="tdevcsecurenewbootpw.dita#tdevcsecurenewbootpw"><i>newBootPassword</i></xref> attribute
+to encrypt the database.</li>
+</ul></prereq>
+<context><p>To encrypt a database with a new external encryption key:</p></context>
+<steps>
+<step><cmd>Specify the <i>newEncryptionKey</i> attribute in a URL and reboot
+the database.</cmd><stepxmp>For example, when the following URL is used when
+the <codeph>salesdb</codeph> database is rebooted, the database is encrypted
+with the new encryption key 6862636465666768:<codeblock>jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768'</codeblock
+></stepxmp><info>If you disabled log archival before you applied the new encryption
+key, create a new backup of the database after the database is reconfigured
+with new the encryption key.<p></p></info></step>
+</steps>
+</taskbody>
+</task>
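
Review bot: the example URL in the stepxmp codeblock ends with a stray apostrophe, `newEncryptionKey=6862636465666768'`, which a reader copying the example would pass as part of the key value; remove it. The context here is only the lead-in sentence, while the boot password topic in this commit states that the encryption provider and algorithm cannot be changed; please say whether the same restriction applies to newEncryptionKey. Smaller points: "any global transaction that are" should be plural, "a boot password , you" has a space before the comma, "with new the encryption key" should be "with the new encryption key", and the empty `<p></p>` in info can go.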

Propchange: db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita?rev=438307&view=auto
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita (added)
+++ db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita Tue Aug 29 17:18:47 2006
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+ 
+<!DOCTYPE task PUBLIC "-//OASIS//DTD DITA Task//EN"
+ "../dtd/task.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<task id="tdevcsecurenewkeyoverview" xml:lang="en-us">
+<title>Encrypting databases with a new key</title>
+<shortdesc>You can apply a new encryption key to a <ph conref="devconrefs.dita#prod/productshortname"></ph> database
+by specifying a new boot password or a new external key.</shortdesc>
+<prolog><metadata>
+<keywords><indexterm>encrypting databases<indexterm>new key, overview</indexterm></indexterm>
+<indexterm>databases<indexterm>overview of encrypting, new key</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<taskbody>
+<context><p>Encrypting a database with a new encryption key is a time consuming
+process because it involves encrypting all of the existing data in the database
+with the new encryption key. If the process is interrupted before completion,
+all the changes are rolled back the next time that the database is booted.
+If the interruption occurs immediately after the database is encrypted with
+the new encryption key but before the connection is returned to the application,
+you might not be able to boot the database with the old encryption key. In
+these rare circumstances, you should try to boot the database with the new
+encryption key. </p><note othertype="Recommendation" type="other">Ensure that
+you have enough free disk space before you encrypt a database with a new key.
+In addition to the disk space required for the current size of the database,
+temporary disk space is required to store the old version of the data to restore
+the database back to it's original state if the new encryption is interrupted
+or returns errors. All of the temporary disk space is released back to the
+operating system after the database is reconfigured to work with the new encryption
+key.</note><p>To encrypt a database with a new encryption key:</p></context>
+<steps>
+<step><cmd>Use the type of encryption that is currently used to encrypt the
+database:</cmd>
+<choices>
+<choice>To <xref href="tdevcsecurenewbootpw.dita#tdevcsecurenewbootpw">encrypt
+the database with a new boot password key</xref>, use the <i>newBootPassword</i> attribute.</choice>
+<choice>To <xref href="tdevcsecurenewextkey.dita#tdevcsecurenewextkey">encrypt
+the database with a new external encryption key</xref>, use the <i>newEncryptionKey</i> attribute.</choice>
+</choices>
+</step>
+</steps>
+</taskbody>
+</task>
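
Review bot: in the Recommendation note, "back to it's original state" should be "its original state". In the first choice, the link text "encrypt the database with a new boot password key" does not match the target topic, "Encrypting databases with a new boot password"; drop "key". "time consuming" in the first context sentence should be hyphenated.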

Propchange: db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita?rev=438307&view=auto
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita (added)
+++ db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita Tue Aug 29 17:18:47 2006
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+ 
+<!DOCTYPE task PUBLIC "-//OASIS//DTD DITA Task//EN"
+ "../dtd/task.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<task id="tdevcsecureunencrypteddb" xml:lang="en-us">
+<title>Encrypting an existing unencrypted database</title>
+<shortdesc>You can encrypt an unencrypted <ph conref="devconrefs.dita#prod/productshortname"></ph> database
+by specifying attributes on the connection URL when you boot the database.
+The attributes that you specify depend on how you want the database encrypted.</shortdesc>
+<prolog><metadata>
+<keywords><indexterm>encrypting databases<indexterm>existing unencrypted databases</indexterm></indexterm>
+<indexterm>databases<indexterm>encrypting, existing unencrypted</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<taskbody>
+<prereq><ul>
+<li>If the database is configured with log archival, you must disable log
+archival and perform a shutdown before you can encrypt the database. </li>
+<li>If there are any global transaction that are in the prepared state after
+recovery, the database cannot be encrypted.</li>
+</ul></prereq>
+<context><p>When you encrypt an existing, unencrypted database, you can specify
+whether the database should be encrypted using a boot password or an external
+encryption key.  You can also specify the <i>encryptionProvider</i> attribute
+and the <i>encryptionAlgorithm</i> attribute on the connection URL. The database
+is configure with the specified encryption attributes and all of the existing
+data in the database is encrypted. </p><p>Encrypting a database is a time
+consuming process because it involves encrypting all of the existing data
+in the database. If the process is interrupted before completion, all the
+changes are rolled back the next time that the database is booted. If the
+interruption occurs immediately after the database is encryped but before
+the connection is returned to the application, you might not be able to boot
+the database without the boot password or external encryption key. In these
+rare circumstances, you should try to boot the database with the boot password
+or the external encryption key. </p><note othertype="Recommendation" type="other">Ensure
+that you have enough free disk space before you encrypt a database. In addition
+to the disk space required for the current size of the database, temporary
+disk space is required to store the old version of the data to restore the
+database back to it's original state if the encryption is interrupted or returns
+errors. All of the temporary disk space is released back to the operating
+system after the database is encrypted.</note><p>To encrypting an existing
+unencrypted database:</p></context>
+<steps>
+<step><cmd>Specify the <i>dataEncryption=true</i> attribute and either the <i>encryptionKey</i> attribute
+or the <i>bootPassword</i> attribute in a URL and boot the database.</cmd>
+<stepxmp>For example, to encrypt the <codeph>salesdb</codeph> database with
+the boot password <codeph>abc1234xyz</codeph>, specify the following attributes
+in the URL:<codeblock>jdbc:derby:salesdb;dataEncryption=true;bootPassword=abc1234xyz </codeblock></stepxmp>
+<info>If you disabled log archival before you encrypted the database, create
+a new backup of the database after the database is encrypted.</info></step>
+</steps>
+</taskbody>
+</task>
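
Review bot: the context has several typos that should be fixed before this is published: "The database is configure with" (configured), "after the database is encryped" (encrypted), "back to it's original state" (its), and "To encrypting an existing unencrypted database" (To encrypt). In the prereq list, "any global transaction that are" should be plural. The cmd offers either encryptionKey or bootPassword, but the stepxmp only shows the bootPassword form; add a second example URL for the external key case. The trailing space before `</codeblock>` can be removed.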

Propchange: db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/docs/trunk/src/devguide/tdevdvlp14496.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevdvlp14496.dita?rev=438307&r1=438306&r2=438307&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevdvlp14496.dita (original)
+++ db/derby/docs/trunk/src/devguide/tdevdvlp14496.dita Tue Aug 29 17:18:47 2006
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-
+ 
 <!DOCTYPE task PUBLIC "-//OASIS//DTD DITA Task//EN"
  "../dtd/task.dtd">
 <!-- 
@@ -24,9 +24,10 @@
 database as an encrypted database (one in which the database is encrypted
 on disk). To do this, you use the <i>dataEncryption=true</i> attribute to
 turn on encryption and the <codeph><i>bootPassword=key</i></codeph> attribute
-to specify a key for the encryption.</shortdesc>
+or the encryptionKey attribute to specify a key for the encryption.</shortdesc>
 <prolog><metadata>
-<keywords><indexterm>Databases<indexterm>encrypting upon creation</indexterm></indexterm>
+<keywords><indexterm>encrypting databases<indexterm>on creation</indexterm></indexterm>
+<indexterm>databases<indexterm>encrypting, on creation</indexterm></indexterm>
 </keywords>
 </metadata></prolog>
 <taskbody>
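
Review bot: in the changed shortdesc line, "or the encryptionKey attribute" leaves the attribute name as plain text, while dataEncryption=true and bootPassword=key in the same sentence are marked up with `<i>`. Wrap encryptionKey the same way so the three attributes render consistently.
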

Modified: db/derby/docs/trunk/src/devguide/tdevdvlp40140.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevdvlp40140.dita?rev=438307&r1=438306&r2=438307&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevdvlp40140.dita (original)
+++ db/derby/docs/trunk/src/devguide/tdevdvlp40140.dita Tue Aug 29 17:18:47 2006
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
- 
 <!DOCTYPE task PUBLIC "-//OASIS//DTD DITA Task//EN"
  "../dtd/task.dtd">
 <!-- 
@@ -37,10 +36,11 @@
 <choice>If the database was encrypted using the bootPassword mechanism, specify
 the <i>bootPassword</i> attribute. For example:<codeblock>jdbc:derby:wombat;bootPassword=clo760uds2caPe </codeblock></choice>
 <choice>If the database was encrypted using an external key, specify the <i>encryptionKey</i> attribute.
-For example: <codeblock>jdbc:derby:flintstone;encryptionAlgorithm=AES/CBC/NoPadding;encryptionKey=c566bab9ee8b62a5ddb4d9229224c678 </codeblock><p
->If the algorithm that was used when the database was created is not the default
-algorithm, you must also specify the <i>encryptionAlgorithm</i> attribute.
-The default encryption algorithm used by <ph conref="devconrefs.dita#prod/productshortname"></ph> is
+For example: <codeblock>jdbc:derby:flintstone;encryptionAlgorithm=AES/CBC/NoPadding;
+encryptionKey=c566bab9ee8b62a5ddb4d9229224c678 </codeblock><p>If the algorithm
+that was used when the database was created is not the default algorithm,
+you must also specify the <i>encryptionAlgorithm</i> attribute. The default
+encryption algorithm used by <ph conref="devconrefs.dita#prod/productshortname"></ph> is
 DES/CBC/NoPadding.</p></choice>
 </choices>
 </step>
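
Review bot: the codeblock after "For example:" in the external key choice is now split after `encryptionAlgorithm=AES/CBC/NoPadding;`, so the line break becomes part of the displayed connection URL. Keep the URL on one line inside the codeblock and rewrap only the paragraph text that follows it.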