Creating the boot password

When you encrypt a database you must also specify a boot password, which is an alpha-numeric string used to generate the encryption key.

The length of the encryption key depends on the algorithm used:

Note: The boot password should have at least as many characters as number of bytes in the encryption key (56 bits=8 bytes, 168 bits=24 bytes, 128 bits=16 bytes). The minimum number of characters for the boot password allowed by Derby is eight.

It is a good idea not to use words that would be easily guessed, such as a login name or simple words or numbers. A bootPassword, like any password, should be a mix of numbers and upper- and lowercase letters.

You turn on and configure encryption and specify the corresponding boot password on the connection URL for a database when you create it:

jdbc:derby:encryptionDB1;create=true;dataEncryption=true;
    bootPassword=clo760uds2caPe
Note: If you lose the bootPassword and the database is not currently booted, you will not be able to connect to the database anymore. (If you know the current bootPassword, you can change it. See Encrypting databases with a new key.)
Related concepts
Encrypting databases on creation
Booting an encrypted database