[
https://issues.apache.org/jira/browse/DERBY-6537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13986653#comment-13986653
]
Kim Haase commented on DERBY-6537:
----------------------------------
We do say, right in the first substantive section ("Encrypting databases on
creation"), that DES is the default algorithm. It is at this point that we
should first mention the details about the minimum key length and that the key
should be a valid hexadecimal string, as well as adding the hex-string info to
the topic "Encrypting databases with a new external encryption key" and to the
Reference Manual topic "encryptionKey=key attribute".

I don't see any mention of a minimum key length, only of the consequences of
specifying a non-default key length -- and that is for AES, not DES. What are
the default/minimum/maximum key lengths for DES?

Looks like there is a typo (closing apostrophe) at the end of the example in
"Encrypting databases with a new external encryption key" -- is that the case?

> StringUtil.fromHexString is used to convert encryptionKey to byte[]
> -------------------------------------------------------------------
>
> Key: DERBY-6537
> URL: https://issues.apache.org/jira/browse/DERBY-6537
> Project: Derby
> Issue Type: Bug
> Components: Documentation, Services
> Affects Versions: 10.10.1.1
> Reporter: Dyre Tjeldvoll
> Assignee: Kim Haase
> Priority: Minor
>
> The javadoc for StringUtil.fromHexString states that its intended use is to
> "Convert a hexidecimal string generated by toHexString() back into a byte
> array", and that null is returned if the length of the hex-string is not
> even.
> But in JCECipherFactory.init() it is being used to convert the encryptionKey
> property string to byte[]. For this usage such a restriction makes no sense,
> and is confusing as it is not documented (at least not in the dev guide
> chapter about encrypting databases).
> For this usage it would be better to use
> new BigInt(encryptionKey,16).toByteArray() which would not have this
> restriction. But even with this change the documentation should probably be
> updated to state that the value for the key must be a valid hex-string, as
> that is what it will be interpreted as. The first section of the doc should
> probably also mention that DES is the default algo, and what its minimum key
> length requirements are (now you need to look at the section about specifying
> an alternate algo, to find that).
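
The following is an added example, not part of the original message and not Derby code. It compares a strict hex-key parser with the `java.math.BigInteger` conversion suggested in the issue, to show why the documentation needs to state the hex-string and key-length rules. `HexKeyDemo`, `parseHexKey` and `describe` are hypothetical names, and the sample keys are constructed.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class HexKeyDemo {
    // Hypothetical strict parser (not Derby's StringUtil.fromHexString):
    // rejects bad input with an exception instead of returning null.
    static byte[] parseHexKey(String hex) {
        if (hex == null || hex.isEmpty() || hex.length() % 2 != 0) {
            throw new IllegalArgumentException(
                "key must be a non-empty hex string with an even number of digits");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("non-hex character in byte " + i);
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    // Runs both conversions on one input and reports the resulting bytes.
    static String describe(String hex) {
        String strict;
        try {
            strict = Arrays.toString(parseHexKey(hex));
        } catch (IllegalArgumentException e) {
            strict = "rejected (" + e.getMessage() + ")";
        }
        String big;
        try {
            // toByteArray() returns the minimal two's-complement form, so
            // leading zero bytes vanish and a 0x00 sign byte may be prepended.
            big = Arrays.toString(new BigInteger(hex, 16).toByteArray());
        } catch (NumberFormatException e) {
            big = "rejected (NumberFormatException)";
        }
        return hex + "\n  strict:     " + strict + "\n  BigInteger: " + big;
    }

    public static void main(String[] args) {
        // Constructed sample keys, not taken from the Derby documentation.
        String[] samples = { "6162636465666768", "0011223344556677",
                             "ff11223344556677", "abc", "-a", "zz" };
        for (String s : samples) System.out.println(describe(s));
    }
}
```

With the `BigInteger` route the number of key bytes depends on the key's value rather than on the number of hex digits supplied, and a leading sign character is accepted, so a key-length check has to run on the resulting byte array, not on the string.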