Sunitha Kambhampati wrote:

> Do not store the encryption key length and the encryption block size in
> service.properties for encrypted database when external key is used.
>
> Regarding fix for derby 42
> (http://nagoya.apache.org/jira/browse/DERBY-42 ):
> 1) The encryption key length is used only for error checking and the fix
> to not store this information is OK and simple. Also attached is patch
> to fix this first part.
>
> 2) However removing the encryption block size property is a little more
> involved:
> Currently, the encryption block size is obtained during creation of the
> encrypted database and stored in service.properties. On subsequent
> connections, this stored value is used for padding of logs.

I think that Derby-42 should just be for removing the key length from service.properties. That would then be fixed with your patch. Then maybe a separate issue for handling the block size.

There are two issues I see for block size.

1) Does having the block size in service.properties compromise the security of an encrypted database in any way? E.g. does it give a clue to the key length or algorithm?

2) Since default block size is provider specific (from Javadoc for Cipher), what does the Derby code do with the block size when an encrypted database is booted? Does it request an algorithm with that block size?

Dan.
