cassandra-commits mailing list archives

From "Jason Brown (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-9945) Add transparent data encryption core classes
Date Thu, 30 Jul 2015 21:31:06 GMT


Jason Brown commented on CASSANDRA-9945:

Added link to the branch up on GitHub (see above).

NOTE: to test this code (there's only one test class for this submission), you need to have
the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 installed.
It's a jar that can be downloaded from Oracle (current link:

Highlights of patch:
- created new yaml section called "transparent_data_encryption_options". The config allows
users to set the name of the keystore as well as the key (alias) within the keystore to use.
This allows multiple keys to be used from the same store, and further allows users to migrate
keys (see later). 
- added CipherFactory as a proxy for loading and caching keys in memory, as well as getting
instances of Ciphers (using the loaded keys).
- KeyProvider interface allows keys to either be loaded from a local keystore (via the default
implementation, JKSKeyProvider), or to be loaded from a custom source. We need that functionality
at $DAY_JOB, hence the reason for the pluggable implementation.

> Add transparent data encryption core classes
> --------------------------------------------
>                 Key: CASSANDRA-9945
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: encryption
>             Fix For: 3.0 beta 1
> This patch will add the core infrastructure classes necessary for transparent data encryption
(file-level encryption), as required for CASSANDRA-6018 and CASSANDRA-9633.  The phrase "transparent
data encryption", while not the most aesthetically pleasing, seems to be used throughout the
database industry (Oracle, SQL Server, DataStax Enterprise) to describe file level encryption,
so we're going with that, as well. 

This message was sent by Atlassian JIRA
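
The alias-based key lookup, in-memory caching and cipher creation described in the highlights, as an added example that is not part of the original message and is not Cassandra's code. The names `KeyLookup` and `CachingKeystoreLookup`, the aliases, the JCEKS store type, AES-GCM with 128-bit keys, and the decrypt-then-re-encrypt migration flow are all assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class AliasKeyDemo {
    // Hypothetical provider interface: a custom key source would implement this too.
    interface KeyLookup { SecretKey getKey(String alias) throws Exception; }
    // Keystore-backed lookup that caches each key after its first load.
    static class CachingKeystoreLookup implements KeyLookup {
        private final KeyStore store;
        private final char[] password;
        private final Map<String, SecretKey> cache = new ConcurrentHashMap<>();
        CachingKeystoreLookup(KeyStore store, char[] password) { this.store = store; this.password = password; }
        public SecretKey getKey(String alias) throws Exception {
            SecretKey key = cache.get(alias);
            if (key != null) return key;
            key = (SecretKey) store.getKey(alias, password);
            if (key == null) throw new IllegalArgumentException("no key for alias " + alias);
            cache.put(alias, key);
            return key;
        }
    }
    // Returns a Cipher initialised with the key the alias names (AES-GCM is this example's choice).
    static Cipher cipher(KeyLookup keys, String alias, int mode, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, keys.getKey(alias), new GCMParameterSpec(128, iv));
        return c;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray();   // constructed sample value
        KeyStore ks = KeyStore.getInstance("JCEKS");         // in-memory store holding two AES keys
        ks.load(null, pw);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        for (String alias : new String[] {"key_old", "key_new"})
            ks.setEntry(alias, new KeyStore.SecretKeyEntry(gen.generateKey()), new KeyStore.PasswordProtection(pw));
        KeyLookup keys = new CachingKeystoreLookup(ks, pw);
        byte[] iv1 = new byte[12], iv2 = new byte[12];
        new SecureRandom().nextBytes(iv1);
        new SecureRandom().nextBytes(iv2);
        // Migration: decrypt with the alias the data was written under, re-encrypt under the new alias.
        byte[] old = cipher(keys, "key_old", Cipher.ENCRYPT_MODE, iv1).doFinal("row data".getBytes("UTF-8"));
        byte[] moved = cipher(keys, "key_new", Cipher.ENCRYPT_MODE, iv2)
                .doFinal(cipher(keys, "key_old", Cipher.DECRYPT_MODE, iv1).doFinal(old));
        System.out.println(new String(cipher(keys, "key_new", Cipher.DECRYPT_MODE, iv2).doFinal(moved), "UTF-8"));
    }
}
```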
