[
https://issues.apache.org/jira/browse/DERBY-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kristian Waagan updated DERBY-5792:
-----------------------------------
Attachment: derby-5792-3a-decryption_feature.diff
Patch 3a adds the decryption feature:
* iapi/reference/Attribute
Adds the new connection URL 'decryptDatabase' (true|false).
* iapi/store/raw/RawStoreFactory
Adds the new minor version 10.
Updated a comment.
* iapi/store/raw/DataFactory
Adds method decryptAllContainers(RawTransaction).
* impl/jdbc/EmbeddedConnection
Introduces notion of crypto boot, instead of looking just for encryption. Makes
two-phase boot logic apply to decryption.
Adds check for conflicting high-level cryptographic attributes. Note that the
checking here is incomplete due to missing knowledge about the state of the
database (for instance, is it encrypted or not?).
* impl/store/RawStore
Adds logic to detect decryption request.
Denies decryption if the database is in certain states (read-only, has global
prepared xact, log archived, store version too old).
Adds logic to update the service properties, that is to remove encryption
properties after decryption has happened.
Decryption reuses the same crash recovery support as encryption uses.
* impl/store/raw/data/BaseDataFileFactory
Implements decryptAllContainers(RawTransaction.
* impl/store/raw/data/RAFContainer
Adds logic to skip encryption of page data. This is effectively where
decryption happens, except that the data has already been decrypted when
entering the page cache. We just don't encrypt it again before writing it out
to disk.
Updates some error messages.
* loc/messages.xml
Adds two new error messages.
* shared/common/reference/SQLState
Adds two new SQLStates.
* tests/store/_Suite
Enables DecryptDatabaseTest.
Known missing tasks:
o logic to deal with DBO powers
o crash recovery test
o may want to introduce a DecryptContainerOperation instead of reusing the log
entry for encryption
o some potential cleanup/refactoring
o don't know if the error messages are satisfactory, or if we want to add
separate messages for each of the failure situations
o documentation (logged by Kim as DERBY-5939, thanks!), which should be very
similar to encryption, but much simpler. There is only one knob :) We probably
want to mention the failure situations, which are mainly conflicting attributes
and cases where decryption is unsupported/denied.
Patch ready for review.
> Make it possible to turn off encryption on an already encrypted database.
> -------------------------------------------------------------------------
>
> Key: DERBY-5792
> URL: https://issues.apache.org/jira/browse/DERBY-5792
> Project: Derby
> Issue Type: Improvement
> Components: JDBC, Store
> Affects Versions: 10.10.0.0
> Reporter: Rick Hillegas
> Assignee: Kristian Waagan
> Attachments: derby-5792-1a-boilerplate_and_preparation.diff,
> derby-5792-1b-boilerplate_and_preparation.diff,
> derby-5792-2a-decryptdatabasetest.diff, derby-5792-3a-decryption_feature.diff
>
>
> Currently, you can encrypt an unencrypted database and you can change the
> encryption key on an already encrypted database. However, Derby does not
> expose a way to turn off (unencrypt) an already encrypted database.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
