// start the cipher factory module, that is is used to create
// instances of the cipher factory with specific enctyption
// properties.
CipherFactoryBuilder cb = (CipherFactoryBuilder)
Monitor.startSystemModule(org.apache.derby.iapi.reference.Module.CipherFactoryBuilder);
// create instance of the cipher factory with the
// specified encryption properties.
currentCipherFactory = cb.createCipherFactory(setupEncryption,
properties,
false);
// The database can be encrypted using an encryption key that is given at
// connection url. For security reasons, this key is not made persistent
// in the database. But it is necessary to verify the encryption key
// whenever booting the database if it is similar to the key that was used
// during creation time. This needs to happen before we access the data/logs to
// avoid the risk of corrupting the database because of a wrong encryption key.
// Please note this verification process does not provide any added security
// but is intended to allow to fail gracefully if a wrong encryption key
// is used during boot time
currentCipherFactory.verifyKey(setupEncryption, storageFactory, properties);
// Initializes the encryption and decryption engines
encryptionEngine = currentCipherFactory.
createNewCipher(CipherFactory.ENCRYPT);
// At creation time of an encrypted database, store the encryption block size
// for the algorithm. Store this value as property given by
// RawStoreFactory.ENCRYPTION_BLOCKSIZE. This value
// is made persistent by storing it in service.properties
// To connect to an existing database, retrieve the value and use it for
// appropriate padding.
// The default value of encryption block size is 8,
// to allow for downgrade issues
// Before support for AES (beetle6023), default encryption block size supported
// was 8
if(setupEncryption)
{
encryptionBlockSize = encryptionEngine.getEncryptionBlockSize();
// in case of database create, store the encryption block
// size. Incase of reconfiguring the existing datbase, this
// will be saved after encrypting the exisiting data.
if (create)
properties.put(RawStoreFactory.ENCRYPTION_BLOCKSIZE,
String.valueOf(encryptionBlockSize));
}
else
{
if(properties.getProperty(RawStoreFactory.ENCRYPTION_BLOCKSIZE) != null)
encryptionBlockSize = Integer.parseInt(properties.getProperty
(RawStoreFactory.ENCRYPTION_BLOCKSIZE));
else
encryptionBlockSize = encryptionEngine.getEncryptionBlockSize();
}
decryptionEngine = currentCipherFactory.
createNewCipher(CipherFactory.DECRYPT);
random = currentCipherFactory.getSecureRandom();
if (encryptDatabase) {
if (reEncrypt) {
// create new cipher factory with the new encrytpion
// properties specified by the user. This cipher factory
// is used to create the new encryption/decryption
// engines to reencrypt the database with the new
// encryption keys.
newCipherFactory =
cb.createCipherFactory(setupEncryption,
properties,
true);
newDecryptionEngine =
newCipherFactory.createNewCipher(CipherFactory.DECRYPT);
newEncryptionEngine =