Db2 uses a random number generator for secure seeding of data encrypted with the Advanced Encryption Standard (AES) algorithm. If you have enabled AES encryption with the AuthenticationMethod connection property, you should consider how best to implement secure seeding in your environment. The driver supports random number generator implementations by way of the RandomGenerator and SecureRandomAlgorithm connection properties. The RandomGenerator connection property allows you to specify the type of random number generator the database uses for secure seeding. If you select a cryptographically strong number generation algorithm, you can then use the SecureRandomAlgorithm connection property to specify any number generation algorithm included in the JDK packaged with your system.
Note: When establishing a connection with a connection string, RandomGenerator and SecureRandomAlgorithm should precede the User and Password connection properties in the connection URL. When using a data source connection, RandomGenerator and SecureRandomAlgorithm should be set before making calls to setUser(), setPassword(), or setNewPassword().

The following steps outline how to configure a random number generator for secure seeding.

  1. Configure the basic connection properties required for a connection:
    • Set the DatabaseName property to specify the name of the database to which you want to connect. Valid only on Db2 for Linux, UNIX, and Windows; Db2 Hosted; and Db2 Warehouse on Cloud.
    • Set the LocationName property to specify the name of the Db2 location that you want to access. Valid only on Db2 for z/OS and Db2 for i.
    • Set the PortNumber property to specify the TCP port of the primary database server that is listening for connections to the database.
    • Set the ServerName property to specify either the IP address in IPv4 or IPv6 format, or the server name (if your network supports named servers) of the primary database server.
  2. If suitable to your environment, enable AES encryption by setting the AuthenticationMethod property to encryptedPasswordAES or encryptedUIDPasswordAES.
  3. Set the RandomGenerator connection property.
    • If you specify random, no further steps are required. A stream of pseudorandom numbers will be generated for secure seeding, and you have completed driver configuration of the random number generator.
    • If you specify secureRandom, proceed to the next step.
  4. Set the SecureRandomAlgorithm connection property by specifying the name of the SecureRandom number generation algorithm as a string. For example, SecureRandomAlgorithm=SHA1PRNG.
    Note: Refer to your database management system documentation to see which SecureRandom number generation algorithms are included in the JDK packaged with your system. Additional information is also available on the Java Cryptography Architecture Standard Algorithm Name Documentation for JDK 8 Web page.
  5. Set the User property to specify the user name that is used to connect to the database.
  6. Set the Password property to specify the password.
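The steps above, carried through as an added example (not code from the DataDirect documentation): a helper that assembles the connection URL with RandomGenerator and SecureRandomAlgorithm placed ahead of User and Password, and that checks the requested SecureRandom algorithm against those the running JDK actually provides before the connection is attempted. The host, port, database and credentials are constructed sample values; the class and method names are assumptions.

```java
import java.security.Security;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class Db2SecureSeedingUrl {

    /** Names of the SecureRandom algorithms the running JDK provides (upper-case). */
    static Set<String> availableSecureRandomAlgorithms() {
        return Security.getAlgorithms("SecureRandom");
    }

    /**
     * Builds a DataDirect Db2 connection URL. The generator properties are
     * appended before User and Password, as the ordering note requires, and
     * an algorithm this JDK does not ship is rejected instead of being sent.
     */
    static String buildUrl(String host, int port, String database,
                           String randomGenerator, String secureRandomAlgorithm,
                           String user, String password) {
        Map<String, String> props = new LinkedHashMap<>(); // keeps insertion order
        props.put("DatabaseName", database);
        props.put("AuthenticationMethod", "encryptedUIDPasswordAES");
        props.put("RandomGenerator", randomGenerator);
        if ("secureRandom".equals(randomGenerator)) {
            // Security.getAlgorithms() returns upper-case names; compare accordingly.
            if (!availableSecureRandomAlgorithms().contains(secureRandomAlgorithm.toUpperCase())) {
                throw new IllegalArgumentException(
                    "SecureRandom algorithm not available in this JDK: " + secureRandomAlgorithm);
            }
            props.put("SecureRandomAlgorithm", secureRandomAlgorithm);
        }
        props.put("User", user);         // credentials last, after the generator settings
        props.put("Password", password);
        StringBuilder url = new StringBuilder("jdbc:datadirect:db2://" + host + ":" + port);
        props.forEach((k, v) -> url.append(';').append(k).append('=').append(v));
        return url.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; "myserver" and "payroll" mirror the page's own examples.
        String url = buildUrl("myserver", 50000, "payroll",
                              "secureRandom", "SHA1PRNG", "jsmith", "secret");
        try (Connection conn = DriverManager.getConnection(url)) {
            System.out.println("Connected to " + conn.getMetaData().getDatabaseProductName());
        }
    }
}
```

Running main() requires the DataDirect Db2 driver on the classpath and a reachable server; buildUrl() itself can be exercised without either.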

The following examples show the connection information required to connect to a Db2 for Linux, UNIX, and Windows database using user ID/password authentication and AES encryption.

Connection URL

import java.sql.Connection;
import java.sql.DriverManager;

// RandomGenerator and SecureRandomAlgorithm appear before User and Password in the URL.
// SecureRandomAlgorithm is only consulted when RandomGenerator=secureRandom.
Connection conn = DriverManager.getConnection(
    "jdbc:datadirect:db2://myserver:50000;DatabaseName=payroll;"
    + "AuthenticationMethod=encryptedUIDPasswordAES;RandomGenerator=random;"
    + "SecureRandomAlgorithm=SHA1PRNG;User=test;Password=secret");

Data Source

import com.ddtek.jdbcx.db2.Db2DataSource;

Db2DataSource mds = new Db2DataSource();
mds.setDescription("My Db2 Data Source");
mds.setServerName("myserver");
mds.setPortNumber(50000);                          // PortNumber is numeric
mds.setDatabaseName("payroll");
mds.setAuthenticationMethod("encryptedUIDPasswordAES");
// Generator settings must be applied before setUser() and setPassword().
mds.setRandomGenerator("random");
mds.setSecureRandomAlgorithm("SHA1PRNG");          // used only when RandomGenerator is secureRandom
mds.setUser("jsmith");
mds.setPassword("secret");
Note: The User and Password properties are not required to be stored in the connection string. They can also be passed separately by the application.