How do I encrypt my DB files?

[Abyric]

Hi, after reading the manual and trying numerous times I keep getting
stuck at trying to encrypt my DB files.

What Im doing is connect to my DB with the following URL in the H2 web
console:

jdbc:h2:~/database;schema=testschema;CIPHER=AES
username: sa
password: filepw<space>sa

I altered admin user "SA"'s password to "sa".
I keep getting an "Encryption error 90049"

What am I doing wrong?

Thanks!

[Abyric]

Right after posting I've found a relevant post when searching the
forum for another question I had.

http://groups.google.com/group/h2-database/browse_thread/thread/4b80e2d5471fbc85/821ce2100db51e82?lnk=gst&q=ssl#821ce2100db51e82

I get the impression that File encryption is only available when
running a server? and SSL also for that matter?

Is SSL and File Encryption also available for the embedded version of
H2?

[Abyric]

Sorry to add yet another post.. (wish I could edit my mails!) but the
reason why I wish to use SSL on a local embedded database is because
the user/pass can be intercepted.
This is not desirable when you wish restrict access to your
applications DB.

On Apr 2, 4:56 am, Abyric <killingd...@gmail.com> wrote:
> Right after posting I've found a relevant post when searching the
> forum for another question I had.
>

> http://groups.google.com/group/h2-database/browse_thread/thread/4b80e...

[Thomas Mueller]

Hi,

> "Encryption error 90049"

If you try out the 'Error Analyzer' on the home page (Reference /
Error Analyzer, http://www.h2database.com/html/sourceError.html ) you
will see that this error means "trying to open an encrypted database
with the wrong file encryption password or algorithm."

If the database already exists and you want to encrypt it later on (or
decrypt it), you need to use the ChangeFileEncryption tool, see
http://www.h2database.com/javadoc/org/h2/tools/ChangeFileEncryption.html
(please note the new Javadoc format!) You can run the tool from the
command line or from the H2 Console (Tools).

Regards,
Thomas

[Thomas Mueller]

Hi,

> I get the impression that File encryption is only available when
> running a server? and SSL also for that matter?

Your impression is wrong. File encryption is supported for embedded
databases as well. See
http://www.h2database.com/html/features.html#file_encryption

> Is SSL and File Encryption also available for the embedded version of
> H2?

Yes.

Regards,
Thomas

[Abyric]

I've figured it out with your help!

Is it also possible to encrypt it from the start?
Or do I always have to run the tool?

Thanks,
Jeff

On Apr 2, 8:49 pm, Thomas Mueller <thomas.tom.muel...@gmail.com>
wrote:

> Hi,
>
> > "Encryption error 90049"
>
> If you try out the 'Error Analyzer' on the home page (Reference /

> Error Analyzer,http://www.h2database.com/html/sourceError.html) you

> will see that this error means "trying to open an encrypted database
> with the wrong file encryption password or algorithm."
>
> If the database already exists and you want to encrypt it later on (or

> decrypt it), you need to use the ChangeFileEncryption tool, seehttp://www.h2database.com/javadoc/org/h2/tools/ChangeFileEncryption.html

> (please note the new Javadoc format!) You can run the tool from the
> command line or from the H2 Console (Tools).
>
> Regards,
> Thomas
>

[Thomas Mueller]

Hi,

> I've figured it out with your help!

I will try to improve the documentation. Currently it doesn't talk
about the different scenarios.

> Is it also possible to encrypt it from the start?
> Or do I always have to run the tool?

Yes, just open a connection to a new database using the encryption
parameters. I will also document that. Example:

jdbc:h2:~/newDatabase;CIPHER=AES

username: sa
password: filepw<space>sa

Regards,
Thomas

[Abyric]

Hi

> Yes, just open a connection to a new database using the encryption
> parameters. I will also document that. Example:
>
> jdbc:h2:~/newDatabase;CIPHER=AES
> username: sa
> password: filepw<space>sa

Since the default
username: sa
password:

I tried the following but was not able to create the encryption.

jdbc:h2:~/newDatabase;CIPHER=AES
username: sa

password: test<space><space>
password: test<space>
password: test

Wrong password format, must be: file password <space> user password
[90050-107] 90050/90050
I seem to fail to describe the default password I fear...

[Thomas Mueller]

Hi,

> I tried the following but was not able to create the encryption.
>  jdbc:h2:~/newDatabase;CIPHER=AES
>  username: sa
>  password: test<space><space>
>  password: test<space>
>  password: test
>
> Wrong password format, must be: file password <space> user password
> [90050-107] 90050/90050
> I seem to fail to describe the default password I fear...

This is a problem of the H2 Console. Currently, the H2 Console trims
the password (removed leading and trailing spaces). This helps when
you copy & paste passwords from test files and so on. However in this
case (using a file encryption password but an empty user password)
it's bad.

I will change the H2 Console in the next release (no longer trim the
password field).

At the moment, you need to use non-empty user password, for example:
password: test<space>test

Regards,
Thomas

[Abyric]

Hi,

I would like to add to this that when using a properties file
(dbinfo.properties)
the same (trimming) problem occurs. To succesfully enable file
encryption the following has to be done.

Properties properties = new Properties();
properties.load(Main.class.getResourceAsStream("/
properties/dbinfo.properties"));
String driver = properties.getProperty("driver");
String url = properties.getProperty("url");
String username = properties.getProperty("username");
String password = properties.getProperty("password")+" "+"
";

Otherwise the same "error" occurs when using the console.
I got it working.

As always, thanks alot for your help
Jeff