DB2 uses a random number generator for secure seeding of data encrypted with the Advanced Encryption Standard (AES) algorithm. If you have enabled AES encryption with the AuthenticationMethod connection property, you should consider how best to implement secure seeding in your environment. The driver supports random number generator implementations by way of the RandomGenerator and SecureRandomAlgorithm connection properties. The RandomGenerator connection property allows you to specify the type of random number generator the database uses for secure seeding with JDK 7 or higher. If you select a cryptographically strong number generation algorithm, and if you are using JDK 8 or higher, you can then use the SecureRandomAlgorithm connection property to specify any number generation algorithm included in the JDK packaged with your system.
Note: When establishing a connection with a connection string, RandomGenerator and SecureRandomAlgorithm should precede the User and Password connection properties in the connection URL. When using a data source connection, RandomGenerator and SecureRandomAlgorithm should be set before making calls to setUser(), setPassword(), or setNewPassword().

The following steps outline how to configure a random number generator for secure seeding.

  1. If suitable to your environment, enable AES encryption by setting the AuthenticationMethod property to encryptedPasswordAES or encryptedUIDPasswordAES.
  2. Set the RandomGenerator connection property.
    • If you specify random, no further steps are required. A stream of pseudorandom numbers will be generated for secure seeding, and you have completed driver configuration of the random number generator.
    • If you specify secureRandom and you are using JDK 7, no further steps are required. The SHA1PRNG algorithm will be used by default, and you have completed driver configuration of the random number generator.
    • If you specify secureRandom and you are using JDK 8 or higher, proceed to the next step.
  3. Set the SecureRandomAlgorithm connection property by specifying the name of the SecureRandom number generation algorithm as a string, for example, SecureRandomAlgorithm=SHA1PRNG.
    Note: Refer to your database management system documentation to see which SecureRandom number generation algorithms are included in the JDK packaged with your system. Additional information is also available on the Java Cryptography Architecture Standard Algorithm Name Documentation for JDK 8 Web page.