Derby DB Encryption

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Derby DB Encryption

Oskar Zinger
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar
Reply | Threaded
Open this post in threaded view
|

Re: Derby DB Encryption

Peter Ondruška-4
Oskar, you mixed two distinct topics, encryption and authentication. You should also follow https://db.apache.org/derby/docs/10.14/security/cseccsecure42374.html. Peter

On Wed, 24 Jul 2019 at 16:27, Oskar Z <[hidden email]> wrote:
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu
Reply | Threaded
Open this post in threaded view
|

Re: Derby DB Encryption

Oskar Zinger
I already have authentication working fine. I would like to also have data encryption.

Can I have both authentication and data encryption in Derby?

Sent from my iPhone

On Jul 24, 2019, at 11:37 AM, Peter Ondruška <[hidden email]> wrote:

Oskar, you mixed two distinct topics, encryption and authentication. You should also follow https://db.apache.org/derby/docs/10.14/security/cseccsecure42374.html. Peter

On Wed, 24 Jul 2019 at 16:27, Oskar Z <[hidden email]> wrote:
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu
Reply | Threaded
Open this post in threaded view
|

Re: Derby DB Encryption

Peter Ondruška-4
Well, you "boot" with bootPassword only once. After your database is opened you do not need to specify bootPassword anymore. Maybe even specifying incorrect bootPassword after database is already opened does not trigger any error and may seem misleading.

On Wed, 24 Jul 2019 at 19:47, Oskar Zinger <[hidden email]> wrote:
I already have authentication working fine. I would like to also have data encryption.

Can I have both authentication and data encryption in Derby?

Sent from my iPhone

On Jul 24, 2019, at 11:37 AM, Peter Ondruška <[hidden email]> wrote:

Oskar, you mixed two distinct topics, encryption and authentication. You should also follow https://db.apache.org/derby/docs/10.14/security/cseccsecure42374.html. Peter

On Wed, 24 Jul 2019 at 16:27, Oskar Z <[hidden email]> wrote:
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu
Reply | Threaded
Open this post in threaded view
|

Re: Derby DB Encryption

Oskar Zinger
Looks like the database when being encrypted, must be the FIRST connection to DB. If DB has existing connections before encryption, then it will not work, and thus the passwords don’t matter.

If encryption is done as a first connection to DB, then the DB must be shutdown, and then it seems to work, and the first call should have bootPassword. That’s what I found.

Thanks for the help and pointers! It got me thinking :-)

Regards,
Oskar

On Jul 24, 2019, at 2:08 PM, Peter Ondruška <[hidden email]> wrote:

Well, you "boot" with bootPassword only once. After your database is opened you do not need to specify bootPassword anymore. Maybe even specifying incorrect bootPassword after database is already opened does not trigger any error and may seem misleading.

On Wed, 24 Jul 2019 at 19:47, Oskar Zinger <[hidden email]> wrote:
I already have authentication working fine. I would like to also have data encryption.

Can I have both authentication and data encryption in Derby?

Sent from my iPhone

On Jul 24, 2019, at 11:37 AM, Peter Ondruška <[hidden email]> wrote:

Oskar, you mixed two distinct topics, encryption and authentication. You should also follow https://db.apache.org/derby/docs/10.14/security/cseccsecure42374.html. Peter

On Wed, 24 Jul 2019 at 16:27, Oskar Z <[hidden email]> wrote:
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu

Reply | Threaded
Open this post in threaded view
|

Re: Derby DB Encryption

Oskar Zinger
Does anyone know what is the default encryption algorithm for the Derby DB encryption?

Thanks,
Oskar

On Jul 24, 2019, at 6:14 PM, Oskar Z <[hidden email]> wrote:

Looks like the database when being encrypted, must be the FIRST connection to DB. If DB has existing connections before encryption, then it will not work, and thus the passwords don’t matter.

If encryption is done as a first connection to DB, then the DB must be shutdown, and then it seems to work, and the first call should have bootPassword. That’s what I found.

Thanks for the help and pointers! It got me thinking :-)

Regards,
Oskar

On Jul 24, 2019, at 2:08 PM, Peter Ondruška <[hidden email]> wrote:

Well, you "boot" with bootPassword only once. After your database is opened you do not need to specify bootPassword anymore. Maybe even specifying incorrect bootPassword after database is already opened does not trigger any error and may seem misleading.

On Wed, 24 Jul 2019 at 19:47, Oskar Zinger <[hidden email]> wrote:
I already have authentication working fine. I would like to also have data encryption.

Can I have both authentication and data encryption in Derby?

Sent from my iPhone

On Jul 24, 2019, at 11:37 AM, Peter Ondruška <[hidden email]> wrote:

Oskar, you mixed two distinct topics, encryption and authentication. You should also follow https://db.apache.org/derby/docs/10.14/security/cseccsecure42374.html. Peter

On Wed, 24 Jul 2019 at 16:27, Oskar Z <[hidden email]> wrote:
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu


Reply | Threaded
Open this post in threaded view
|

Re: Derby DB Encryption

Peter Ondruška-4
https://db.apache.org/derby/docs/10.14/security/cseccsecure88690.html

The default encryption algorithm is DES.

You can specify an encryption provider and/or encryption algorithm other than the defaults by using the encryptionProvider=providerName andencryptionAlgorithm=algorithm attributes.


On Thu, 25 Jul 2019, 01:13 Oskar Z, <[hidden email]> wrote:
Does anyone know what is the default encryption algorithm for the Derby DB encryption?

Thanks,
Oskar

On Jul 24, 2019, at 6:14 PM, Oskar Z <[hidden email]> wrote:

Looks like the database when being encrypted, must be the FIRST connection to DB. If DB has existing connections before encryption, then it will not work, and thus the passwords don’t matter.

If encryption is done as a first connection to DB, then the DB must be shutdown, and then it seems to work, and the first call should have bootPassword. That’s what I found.

Thanks for the help and pointers! It got me thinking :-)

Regards,
Oskar

On Jul 24, 2019, at 2:08 PM, Peter Ondruška <[hidden email]> wrote:

Well, you "boot" with bootPassword only once. After your database is opened you do not need to specify bootPassword anymore. Maybe even specifying incorrect bootPassword after database is already opened does not trigger any error and may seem misleading.

On Wed, 24 Jul 2019 at 19:47, Oskar Zinger <[hidden email]> wrote:
I already have authentication working fine. I would like to also have data encryption.

Can I have both authentication and data encryption in Derby?

Sent from my iPhone

On Jul 24, 2019, at 11:37 AM, Peter Ondruška <[hidden email]> wrote:

Oskar, you mixed two distinct topics, encryption and authentication. You should also follow https://db.apache.org/derby/docs/10.14/security/cseccsecure42374.html. Peter

On Wed, 24 Jul 2019 at 16:27, Oskar Z <[hidden email]> wrote:
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu



kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu
Reply | Threaded
Open this post in threaded view
|

Re: Derby DB Encryption

Oskar Zinger
Thanks Peter!

Sent from my iPhone

On Jul 24, 2019, at 10:37 PM, Peter Ondruška <[hidden email]> wrote:

https://db.apache.org/derby/docs/10.14/security/cseccsecure88690.html

The default encryption algorithm is DES.

You can specify an encryption provider and/or encryption algorithm other than the defaults by using the encryptionProvider=providerName andencryptionAlgorithm=algorithm attributes.


On Thu, 25 Jul 2019, 01:13 Oskar Z, <[hidden email]> wrote:
Does anyone know what is the default encryption algorithm for the Derby DB encryption?

Thanks,
Oskar

On Jul 24, 2019, at 6:14 PM, Oskar Z <[hidden email]> wrote:

Looks like the database when being encrypted, must be the FIRST connection to DB. If DB has existing connections before encryption, then it will not work, and thus the passwords don’t matter.

If encryption is done as a first connection to DB, then the DB must be shutdown, and then it seems to work, and the first call should have bootPassword. That’s what I found.

Thanks for the help and pointers! It got me thinking :-)

Regards,
Oskar

On Jul 24, 2019, at 2:08 PM, Peter Ondruška <[hidden email]> wrote:

Well, you "boot" with bootPassword only once. After your database is opened you do not need to specify bootPassword anymore. Maybe even specifying incorrect bootPassword after database is already opened does not trigger any error and may seem misleading.

On Wed, 24 Jul 2019 at 19:47, Oskar Zinger <[hidden email]> wrote:
I already have authentication working fine. I would like to also have data encryption.

Can I have both authentication and data encryption in Derby?

Sent from my iPhone

On Jul 24, 2019, at 11:37 AM, Peter Ondruška <[hidden email]> wrote:

Oskar, you mixed two distinct topics, encryption and authentication. You should also follow https://db.apache.org/derby/docs/10.14/security/cseccsecure42374.html. Peter

On Wed, 24 Jul 2019 at 16:27, Oskar Z <[hidden email]> wrote:
Hello - hope that someone has experience with Derby encryption.

I’ve been using this documentation:

I’m not sure what’s happening, I’ve encrypted the DB using dataEncryption=true and provided bootPassword, at first I used the same password as the Owner of DB, but then I used a different password. But regardless, what ever password I specify or not specify as bootPassword, the connection is made OK.

So to me, it looks as if the DB has not been really encrypted, even though I’m not see any exceptions/errors in derby.log.

How can I tell for sure that DB encryption really happened?

Thanks for you help!

Kind regards,
Oskar

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu

kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu



kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, file 141269.
Registered office: Kališnická 379/10, Prague 3, 130 00, Czech Republic.
https://kaibo.eu