[
https://issues.apache.org/jira/browse/DERBY-3710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737638#action_12737638
]
Myrna van Lunteren commented on DERBY-3710:
-------------------------------------------
for what it's worth...
The troublesome thing with encryptionAESTest was that encryption lengths > 128
require unrestricted policy files which don't get installed by default, and
aren't available to everyone in the world. So there was the choice between
introducing false failures for those people who might try to run the tests
without them, or risking the tests cases not getting run unnoticed.
Perhaps we should at least *always* print out the text indicating the
unrestricted policy jar files aren't available (currently it's in a if
(TestConfiguration.getCurrent().doTrace()) block, so only will show up if you
run with -Dderby.tests.trace=true).
Note also DERBY-4325 which has a further suggestion for improvement to the
encryptionAESTest.
> cannot access a database using AES encryption with encryptionKeyLength=192
> after it's been shutdown
> ---------------------------------------------------------------------------------------------------
>
> Key: DERBY-3710
> URL: https://issues.apache.org/jira/browse/DERBY-3710
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.5.1.1
> Environment: reproduced with ibm's jdk 1.5 and 1.6, and sun's jdk15.
> AES encryption with encryptionKeyLength=192 requires unrestricted security
> policy jars on your jvm
> Reporter: Myrna van Lunteren
> Assignee: Rick Hillegas
> Attachments: derby-3710-01-aa-digestPaddedPassword.diff,
> derby-3710-01-ab-digestPaddedPassword.diff, repro-3710.sql, repro.sql
>
>
> Accessing a database created using encryptionAlgorithm: AES/CBC/NoPadding,
> and encryptionKeyLength=192 after it's been shutdown fails like so:
> -----------------------
> ERROR XJ040: Failed to start database 'encdbcbc_192', see the next exception
> for details.
> ERROR XBM06: Startup failed. An encrypted database cannot be accessed without
> the correct boot password.
> ----------------------
> This does not occur when you use encryptionKeyLength=128 (does not require
> unrestricted jars) nor encryptionKeyLength=256 (does require unrestricted
> policy jars).
> Note: our test (in derbyall): store/aes.sql does not test this, firstly it
> doesn't test the larger sizes (because it would diff & fail unless you have
> been able to adjust your jvm's policy jars), and secondly it doesn't shutdown
> before reconnecting.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
