When you encrypt a database you must also specify a boot password,
which is an alpha-numeric string used to generate the encryption key.
The length of the encryption key depends on the algorithm used:
AES (128, 192, and 256 bits)
DES (the default) (56 bits)
DESede (168 bits)
All other algorithms (128 bits)
Note: The boot password should have at least as many characters as number
of bytes in the encryption key (56 bits=8 bytes, 168 bits=24 bytes, 128 bits=16
bytes). The minimum number of characters for the boot password allowed by Derby is eight.
It is a good idea not to use words that would be easily guessed, such as
a login name or simple words or numbers. A bootPassword, like any password,
should be a mix of numbers and upper- and lowercase letters.
You turn on and configure encryption and specify the corresponding boot
password on the connection URL for a database when you create it:
Note: If you lose the bootPassword and the database is not currently
booted, you will not be able to connect to the database anymore. (If you know
the current bootPassword, you can change it. See Encrypting databases with a new key.)