Dyre Tjeldvoll created DERBY-6537:
-------------------------------------
Summary: StringUtil.fromHexString is used to convert encryptionKey
to byte[]
Key: DERBY-6537
URL: https://issues.apache.org/jira/browse/DERBY-6537
Project: Derby
Issue Type: Bug
Components: Documentation, Services
Affects Versions: 10.10.1.1
Reporter: Dyre Tjeldvoll
Priority: Minor
The javadoc for StringUtil.fromHexString states that its intended use is to
"Convert a hexidecimal string generated by toHexString() back into a byte
array", and that null is returned if the length of the hex-string is not even.
But in JCECipherFactory.init() it is being used to convert the encryptionKey
property string to byte[]. For this usage such a restriction makes no sense,
and is confusing as it is not documented (at least not in the dev guide chapter
about encrypting databases).
For this usage it would be better to use
new BigInt(encryptionKey,16).toByteArray() which would not have this
restriction. But even with this change the documentation should probably be
updated to state that the value for the key must be a valid hex-string, as that
is what it will be interpreted as. The first section of the doc should probably
also mention that DES is the default algo, and what its minimum key length
requirements are (now you need to look at the section about specifying an
alternate algo, to find that).
--
This message was sent by Atlassian JIRA
(v6.2#6252)
