Hi George, Derby does decrypt or encrypt a database page or log record on the fly as it is loaded from disk into the buffer page cache or when flushing to the database / written to the log accordingly.
As far as 'encryptionKeyLength', it is *now* documented as part of the latest Alpha documentation set: c.f. Developer Guide at: http://db.apache.org/derby/docs/dev/devguide/devguide-single.html There was a JIRA opened for this issue at: http://issues.apache.org/jira/browse/DERBY-4229 Hope this helps, --francois On Tue, Nov 17, 2009 at 11:16 PM, George H <[email protected]> wrote: > Hi all, > > I use the derby database encryption frequently in my programs but I was > wondering how it really works. > > Does it decrypt the db once on boot and then once more time on shutdown > only ? > or does the database stay encrypted all the time and the data that goes > back and forth is encrypted/decrypted on the fly ? > > One more question whose answer is not in the derby docs, when I specify an > encryption key in the jdbc url and I do not specify the > "encryptionKeyLength" parameter, what does it take as default value? > supposed I was using AES or Blowfish which can use 192 or 256bit keys, does > derby automatically guess the key length from the specified key? > > Thanks. > -- > George H > [email protected] >
