You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ch...@apache.org on 2012/10/09 20:10:56 UTC
svn commit: r1396146 - /db/derby/docs/branches/10.7/src/ref/
Author: chaase3
Date: Tue Oct 9 18:10:55 2012
New Revision: 1396146
URL: http://svn.apache.org/viewvc?rev=1396146&view=rev
Log:
DERBY-5805 Database encryption topics in Reference Manual need more information
Merged DERBY-5805-2.diff to 10.7 docs branch from trunk revision 1396068.
Modified:
db/derby/docs/branches/10.7/src/ref/refderby.ditamap
db/derby/docs/branches/10.7/src/ref/rrefattrib15290.dita
db/derby/docs/branches/10.7/src/ref/rrefattrib42100.dita
db/derby/docs/branches/10.7/src/ref/rrefattrib60346.dita
db/derby/docs/branches/10.7/src/ref/rrefattrib88843.dita
db/derby/docs/branches/10.7/src/ref/rrefattribencryptkey.dita
db/derby/docs/branches/10.7/src/ref/rrefattribencryptkeylength.dita
db/derby/docs/branches/10.7/src/ref/rrefattribnewbootpw.dita
db/derby/docs/branches/10.7/src/ref/rrefattribnewencryptkey.dita
Modified: db/derby/docs/branches/10.7/src/ref/refderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/refderby.ditamap?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/refderby.ditamap (original)
+++ db/derby/docs/branches/10.7/src/ref/refderby.ditamap Tue Oct 9 18:10:55 2012
@@ -650,10 +650,10 @@ URL syntax"></topicref>
</topicref>
<topicref href="rrefattrib72457.dita" navtitle="logDevice=logDirectoryPath attribute">
</topicref>
-<topicref href="rrefattribnewencryptkey.dita" navtitle="newEncryptionKey=key attribute">
-</topicref>
<topicref href="rrefattribnewbootpw.dita" navtitle="newBootPassword=newPassword attribute">
</topicref>
+<topicref href="rrefattribnewencryptkey.dita" navtitle="newEncryptionKey=key attribute">
+</topicref>
<topicref href="rrefattrib42686.dita" navtitle="password=userPassword attribute">
</topicref>
<topicref href="rrefrestorefrom.dita" navtitle="restoreFrom=path attribute">
Modified: db/derby/docs/branches/10.7/src/ref/rrefattrib15290.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattrib15290.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattrib15290.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattrib15290.dita Tue Oct 9 18:10:55 2012
@@ -31,11 +31,26 @@ data encryption</indexterm></indexterm><
new database or to configure an existing unencrypted database for encryption.
For information about data encryption, see "Encrypting databases on disk"
in the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>.</p> </section>
-<section><title>Combining with other attributes</title><p>The <i>dataEncryption</i> attribute
-must be combined with the <i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i> attribute
-or the <xref href="rrefattribnewencryptkey.dita#rrefattribnewencryptkey">newEncryptionKey=key</xref> attribute.
-You have the option of also specifying the <i><xref href="rrefattrib88843.dita#rrefattrib88843">encryptionProvider=providerName</xref></i> and <i><xref
-href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm</xref></i> attributes.</p>
+<section><title>Combining with other attributes</title>
+<p>The <i>dataEncryption=true</i> attribute must be combined with either the
+<i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i>
+attribute or the
+<i><xref href="rrefattribencryptkey.dita#rrefattribencryptkey">encryptionKey=key</xref></i>
+attribute.</p>
+<p>With either <i>bootPassword=key</i> or <i>encryptionKey=key</i>, you have the
+option of also specifying the
+<i><xref href="rrefattrib88843.dita#rrefattrib88843">encryptionProvider=providerName</xref></i>,
+<i><xref href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm</xref></i>,
+and/or <i><xref href="rrefattribencryptkeylength.dita#rrefattribencryptkeylength">encryptionKeyLength=length</xref></i>
+attributes.</p>
+<p>An encryption key and a boot password use different storage mechanisms, so
+if, for example, you create a database using a boot password, you must continue
+to specify a boot password when you boot the database; you cannot switch to an
+encryption key. You can change either the boot password or the encryption key
+by specifying
+<i><xref href="rrefattribnewbootpw.dita#rrefattribnewbootpw">newBootPassword=newPassword</xref></i>
+or
+<i><xref href="rrefattribnewencryptkey.dita#rrefattribnewencryptkey">newEncryptionKey=key</xref></i>.</p>
<p>
For an existing, unencrypted database for which authentication
and SQL authorization are both
@@ -48,11 +63,11 @@ href="rrefattrib60346.dita#rrefattrib603
for more information.
</p>
</section>
-<example><title>Examples</title><codeblock><b><ph> -- encrypt a new database</ph>
+<example><title>Examples</title><codeblock><b><ph>-- encrypt a new database</ph>
jdbc:derby:encryptedDB;create=true;dataEncryption=true;
bootPassword=cLo4u922sc23aPe
- <ph>-- configure an existing unencrypted database for encryption </ph>
- jdbc:derby:salesdb;dataEncryption=true;bootPassword=cLo4u922sc23aPe
+<ph>-- configure an existing unencrypted database for encryption </ph>
+jdbc:derby:salesdb;dataEncryption=true;bootPassword=cLo4u922sc23aPe
</b></codeblock> </example>
</refbody>
</reference>
Modified: db/derby/docs/branches/10.7/src/ref/rrefattrib42100.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattrib42100.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattrib42100.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattrib42100.dita Tue Oct 9 18:10:55 2012
@@ -27,11 +27,14 @@ boot password key</indexterm></indexterm
</keywords>
</metadata></prolog>
<refbody>
-<section><title>Function</title><p>Specifies the key to use to : <ul>
+<section><title>Function</title><p>Specifies the key to use to: <ul>
<li>Encrypt a new database</li>
<li>Configure an existing unencrypted database for encryption</li>
<li>Boot an existing encrypted database</li>
-</ul>Specify an alphanumeric string that is at least eight characters long.</p> </section>
+</ul>Specify an alphanumeric string that is at least eight characters long.</p>
+<p>For information about data encryption, see "Encrypting databases on disk"
+in the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>.</p>
+</section>
<section><title>Combining with other attributes</title><p>When you create
a new database, the <i>bootPassword=key</i> attribute must be combined with
the <i><xref href="rrefattrib26867.dita#rrefattrib26867">create=true</xref></i> and <i><xref
@@ -39,8 +42,7 @@ href="rrefattrib15290.dita#rrefattrib152
<p>
When you configure an existing unencrypted database for encryption,
the <i>bootPassword=key</i> attribute must be combined with
- the <xref href="rrefattrib15290.dita#rrefattrib15290">dataEncryption=true</xref>
- attribute.
+ the <i>dataEncryption=true</i> attribute.
For an existing, unencrypted database for which authentication and
SQL authorization are both
enabled, only the
@@ -53,8 +55,12 @@ href="rrefattrib15290.dita#rrefattrib152
for more information.
</p>
-<p>When
-you boot an existing encrypted database, no other attributes are necessary.</p> </section>
+<p>The <i>bootPassword=key</i> attribute can optionally be combined with the
+<i><xref href="rrefattrib88843.dita#rrefattrib88843">encryptionProvider=providerName</xref></i>,
+<i><xref href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm</xref></i>,
+and/or <i><xref href="rrefattribencryptkeylength.dita#rrefattribencryptkeylength">encryptionKeyLength=length</xref></i>
+attributes.</p>
+</section>
<example><title>Examples</title><codeblock><b><ph>-- create a new, encrypted database</ph>
jdbc:derby:newDB;create=true;dataEncryption=true;
bootPassword=cseveryPlace
@@ -62,6 +68,10 @@ jdbc:derby:newDB;create=true;dataEncrypt
jdbc:derby:salesdb;dataEncryption=true;bootPassword=cseveryPlace
<ph>-- boot an existing encrypted database</ph>
jdbc:derby:encryptedDB;bootPassword=cseveryPlace
+<ph>-- configure an existing encrypted database for encryption,
+-- specifying the encryption algorithm</ph>
+jdbc:derby:encryptedDB;dataEncryption=true;bootPassword=cseveryPlace;
+ encryptionAlgorithm=DESede/CBC/NoPadding
</b></codeblock></example>
</refbody>
</reference>
Modified: db/derby/docs/branches/10.7/src/ref/rrefattrib60346.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattrib60346.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattrib60346.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattrib60346.dita Tue Oct 9 18:10:55 2012
@@ -34,11 +34,16 @@ conref="../conrefs.dita#prod/productshor
no encryption algorithm is specified, the default value is <i>DES/CBC/NoPadding</i>.</p><p>For
information about data encryption, see "Encrypting databases on disk" in the <cite><ph
conref="../conrefs.dita#pub/citdevelop"></ph></cite>.</p> </section>
-<section><title>Combining with other attributes</title> <p>The <i>encryptionAlgorithm</i> attribute
-must be combined with the <i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i> attribute
-and the <xref href="rrefattrib15290.dita#rrefattrib15290">dataEncryption=true</xref> attribute.
-You have the option of also specifying the <i><xref href="rrefattrib88843.dita#rrefattrib88843">encryptionProvider=providerName</xref></i> attribute
-to specify the encryption provider of the algorithm.</p>
+<section><title>Combining with other attributes</title>
+<p>The <i>encryptionAlgorithm=algorithm</i> attribute must be combined with the
+<i><xref href="rrefattrib15290.dita#rrefattrib15290">dataEncryption=true</xref></i>
+attribute and with either the
+<i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i>
+attribute or the
+<i><xref href="rrefattribencryptkey.dita#rrefattribencryptkey">encryptionKey=key</xref></i>
+attribute. You can also use the
+<i><xref href="rrefattrib88843.dita#rrefattrib88843">encryptionProvider=providerName</xref></i>
+attribute to specify the encryption provider of the algorithm.</p>
<p>
For an existing database for which authentication and
SQL authorization are both
@@ -52,13 +57,13 @@ to specify the encryption provider of th
for more information.
</p>
</section>
-<example> <title>Examples</title><codeblock><b><ph> -- encrypt a new database</ph>
- jdbc:derby:encryptedDB;create=true;dataEncryption=true;
+<example> <title>Examples</title><codeblock><b><ph>-- encrypt a new database</ph>
+jdbc:derby:encryptedDB;create=true;dataEncryption=true;
encryptionProvider=com.sun.crypto.provider.SunJCE;
encryptionAlgorithm=DESede/CBC/NoPadding;
bootPassword=cLo4u922sc23aPe
<ph>-- configure an existing database for encryption </ph>
- jdbc:derby:salesdb;dataEncryption=true;
+jdbc:derby:salesdb;dataEncryption=true;
encryptionProvider=com.sun.crypto.provider.SunJCE;
encryptionAlgorithm=DESede/CBC/NoPadding;
bootPassword=cLo4u922sc23aPe
Modified: db/derby/docs/branches/10.7/src/ref/rrefattrib88843.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattrib88843.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattrib88843.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattrib88843.dita Tue Oct 9 18:10:55 2012
@@ -32,10 +32,17 @@ For information about data encryption, s
in the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>. </p><p>If
this attribute is not specified, the default encryption provider is the one
included in the JVM that you are using.</p> </section>
-<section><title>Combining with other attributes</title> <p>The <i>encryptionProvider</i> attribute
-must be combined with the <i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref> and <xref
-href="rrefattrib15290.dita#rrefattrib15290">dataEncryption=true</xref></i> attributes. You can
-also specify the <i><xref href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm</xref></i> attribute.</p>
+<section><title>Combining with other attributes</title>
+<p>The <i>encryptionProvider=providerName</i> attribute
+must be combined with the
+<i><xref href="rrefattrib15290.dita#rrefattrib15290">dataEncryption=true</xref></i>
+attribute and with either the
+<i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i>
+or the
+<i><xref href="rrefattribencryptkey.dita#rrefattribencryptkey">encryptionKey=key</xref></i>
+attribute. You can also use the
+<i><xref href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm</xref></i>
+attribute to specify the encryption algorithm.</p>
<p>
For an existing, unencrypted database for which authentication and
SQL authorization are both
@@ -55,7 +62,7 @@ jdbc:derby:encryptedDB;create=true;dataE
encryptionAlgorithm=DESede/CBC/NoPadding;
bootPassword=cLo4u922sc23aPe
<ph>-- configure an existing database for encryption </ph>
- jdbc:derby:salesdb;dataEncryption=true;
+jdbc:derby:salesdb;dataEncryption=true;
encryptionProvider=com.sun.crypto.provider.SunJCE;
encryptionAlgorithm=DESede/CBC/NoPadding;
bootPassword=cLo4u922sc23aPe
Modified: db/derby/docs/branches/10.7/src/ref/rrefattribencryptkey.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattribencryptkey.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattribencryptkey.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattribencryptkey.dita Tue Oct 9 18:10:55 2012
@@ -31,10 +31,17 @@ encryption key</indexterm></indexterm><i
<li>Encrypt a new database</li>
<li>Configure an existing unencrypted database for encryption</li>
<li>Boot an existing encrypted database</li>
-</ul>Your application must provide the encryption key.</p></section>
+</ul>Your application must provide the encryption key.</p>
+<p>For information about data encryption, see "Encrypting databases on disk"
+in the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>.</p>
+</section>
<section><title>Combining with other attributes</title><p>When creating a
-new database, you must combine the <i>encryptionKey</i> attribute with the <i>create=true</i> and <i>dataEncryption=true</i> attributes. </p><p>When
-you configure an existing unencrypted database for encryption, the <i>encryptionKey</i> attribute
+new database, you must combine the <i>encryptionKey=key</i> attribute with the
+<i><xref href="rrefattrib26867.dita#rrefattrib26867">create=true</xref></i> and
+<i><xref href="rrefattrib15290.dita#rrefattrib15290">dataEncryption=true</xref></i>
+attributes. </p><p>When
+you configure an existing unencrypted database for encryption, the
+<i>encryptionKey=key</i> attribute
must be combined with the <i>dataEncryption=true</i> attribute.
For an existing, unencrypted database for which authentication
and SQL authorization are both
@@ -46,16 +53,19 @@ and "Setting the SQL standard authorizat
in the
<ph conref="../conrefs.dita#pub/citdevelop"></ph>
for more information.
-</p><p>When
-booting an existing encrypted database, you must also specify the <i>encryptionAlgorithm</i> attribute
-if the algorithm that was used when the database was created is not the default
-algorithm. </p><p>The default encryption algorithm used by <ph conref="../conrefs.dita#prod/productshortname"></ph> is
-DES/CBC/NoPadding.</p> </section>
+</p>
+<p>The <i>encryptionKey=key</i> attribute can optionally be combined with the
+<i><xref href="rrefattrib88843.dita#rrefattrib88843">encryptionProvider=providerName</xref></i>,
+<i><xref href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm</xref></i>,
+and/or <i><xref href="rrefattribencryptkeylength.dita#rrefattribencryptkeylength">encryptionKeyLength=length</xref></i>
+attributes.</p></section>
<example><title>Examples</title><p><b>Example of a JDBC URL that creates a
new encrypted database:</b></p><codeblock>jdbc:derby:newDB;create=true;dataEncryption=true;
- encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768</codeblock><p><b>Example
-of a JDBC URL that configures an existing unencrypted database for encryption:</b><codeblock>jdbc:derby:salesdb;dataEncryption=true;encryptionKey=6162636465666768
-</codeblock></p><p><b>Example of a JDBC URL that boots an encrypted database:</b><codeblock>jdbc:derby:encryptedDB;encryptionKey=6162636465666768</codeblock
+ encryptionKey=6162636465666768</codeblock><p><b>Example
+of a JDBC URL that configures an existing unencrypted database for encryption:</b>
+<codeblock>jdbc:derby:salesdb;dataEncryption=true;encryptionKey=6162636465666768
+</codeblock></p><p><b>Example of a JDBC URL that boots an encrypted database:</b>
+<codeblock>jdbc:derby:encryptedDB;encryptionKey=6162636465666768</codeblock
></p> </example>
</refbody>
</reference>
Modified: db/derby/docs/branches/10.7/src/ref/rrefattribencryptkeylength.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattribencryptkeylength.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattribencryptkeylength.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattribencryptkeylength.dita Tue Oct 9 18:10:55 2012
@@ -43,12 +43,12 @@ DES).</li>
length.</li>
<li>You want to use a non-default key length.</li>
</ul></p>
+<p>For information about data encryption, see "Encrypting databases on disk"
+in the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>.</p>
</section>
<section><title>Combining with other attributes</title>
<p>The <i>encryptionKeyLength=length</i> attribute can be combined with either
-the
-<i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i>
-attribute or the
+the <i>bootPassword=key</i> attribute or the
<i><xref href="rrefattribencryptkey.dita#rrefattribencryptkey">encryptionKey=key</xref></i>
attribute (although it is redundant if you use <i>encryptionKey=key</i>).</p>
<p>The <i>encryptionKeyLength=length</i> attribute may also be combined with the
@@ -56,19 +56,18 @@ attribute (although it is redundant if y
and/or
<i><xref href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm</xref></i>
attributes.</p>
-<p>If you are using <i>encryptionKeyLength=length</i> with
-<i>encryptionKey=key</i>, make sure the key you specify has the length you
-specify.</p>
+<p>If you use <i>encryptionKeyLength=length</i> with <i>encryptionKey=key</i>,
+the key you specify must have the length you specify.</p>
</section>
<example><title>Examples</title>
<codeblock><b><ph>-- create a new, encrypted database</ph>
jdbc:derby:newDB;create=true;dataEncryption=true;
-encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding;
-bootPassword=Thursday
+ encryptionKeyLength=192;encryptionAlgorithm=AES/CBC/NoPadding;
+ bootPassword=Thursday
<ph>-- configure an existing unencrypted database for encryption</ph>
jdbc:derby:myDB;dataEncryption=true;
-encryptionKeyLength=168;encryptionAlgorithm=DESede/CBC/NoPadding;
-bootPassword=Wednesday</b></codeblock>
+ encryptionKeyLength=168;encryptionAlgorithm=DESede/CBC/NoPadding;
+ bootPassword=Wednesday</b></codeblock>
<note>If the specified algorithm does not support the specified
encryption key length, <ph conref="../conrefs.dita#prod/productshortname"></ph>
returns an exception.</note>
Modified: db/derby/docs/branches/10.7/src/ref/rrefattribnewbootpw.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattribnewbootpw.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattribnewbootpw.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattribnewbootpw.dita Tue Oct 9 18:10:55 2012
@@ -33,10 +33,12 @@ key is protected using the new boot pass
key encrypts the database, including the existing data. For more information
about this attribute, see "Encrypting databases with a new boot password"
in the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>.</p> </section>
-<section><title>Combining with other attributes</title><p>The <i>newBootPassword</i> attribute
-must be combined with the <i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i> attribute.</p><p>You
-cannot change the encryption provider or the encryption algorithm when you
-use the <i>newBootPassword</i> attribute.</p>
+<section><title>Combining with other attributes</title>
+<p>The <i>newBootPassword=newPassword</i> attribute must be combined with the
+<i><xref href="rrefattrib42100.dita#rrefattrib42100">bootPassword=key</xref></i>
+attribute.</p>
+<p>You cannot change the encryption provider or the encryption algorithm when
+you use the <i>newBootPassword=newPassword</i> attribute.</p>
<p>
For an existing encrypted database for which authentication and
SQL authorization are both
Modified: db/derby/docs/branches/10.7/src/ref/rrefattribnewencryptkey.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.7/src/ref/rrefattribnewencryptkey.dita?rev=1396146&r1=1396145&r2=1396146&view=diff
==============================================================================
--- db/derby/docs/branches/10.7/src/ref/rrefattribnewencryptkey.dita (original)
+++ db/derby/docs/branches/10.7/src/ref/rrefattribnewencryptkey.dita Tue Oct 9 18:10:55 2012
@@ -32,10 +32,12 @@ for an encrypted database. All of the ex
using the new encryption key and any new data written to the database will
use this key for encryption. For more information about this attribute, see
"Encrypting databases with a new external encryption key" in the <cite><ph conref="../conrefs.dita#pub/citdevelop"></ph></cite>.</p> </section>
-<section><title>Combining with other attributes</title> <p>The <i>newEncryptionKey</i> attribute
-must be combined with the <i><xref href="rrefattribencryptkey.dita#rrefattribencryptkey">encryptionKey=key</xref></i> attribute.</p><p>You
-cannot change the encryption provider or the encryption algorithm when you
-use the <i>newEncryptionKey</i> attribute.</p>
+<section><title>Combining with other attributes</title>
+<p>The <i>newEncryptionKey=key</i> attribute must be combined with the
+<i><xref href="rrefattribencryptkey.dita#rrefattribencryptkey">encryptionKey=key</xref></i>
+attribute.</p>
+<p>You cannot change the encryption provider or the encryption algorithm when
+you use the <i>newEncryptionKey=key</i> attribute.</p>
<p>
For an existing encrypted database for which authentication and
SQL authorization are both
@@ -50,6 +52,7 @@ use the <i>newEncryptionKey</i> attribut
</p>
</section>
<example><title>Example</title><codeblock><b><ph>-- specify a new encryption key for a database</ph>
-jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768</b></codeblock> </example>
+jdbc:derby:salesdb;encryptionKey=6162636465666768;
+ newEncryptionKey=6862636465666768</b></codeblock> </example>
</refbody>
</reference>