Date: Tue, 12 Dec 2017 22:39:00 +0000 (UTC)
From: "Steve Moist (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-15006) Encrypt S3A data client-side with Hadoop libraries & Hadoop KMS

    [ https://issues.apache.org/jira/browse/HADOOP-15006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16288396#comment-16288396 ]

Steve Moist commented on HADOOP-15006:
--------------------------------------

I don't think anyone's started it. I posted the design doc in hopes of others looking at it and critiquing it in the background while I focus on other things, that once enough people had reviewed it, to start on it then.

The changes to the Hadoop CLI, KMS and other components were what worried me about it. It's bigger in scope than just S3a.

In the proposal I made, we didn't have an issue with the cipher text length and plaintext length as we used CTR with no padding vs the CBC with PKCS5Padding that the AWS SDK uses. I wrote a quick prototype using AES/CTR/NoPadding and ran all the integration tests against it and it ran without issue and did diffs on the before/after of upload/download along with TerraSort and had no issues.

> Encrypt S3A data client-side with Hadoop libraries & Hadoop KMS
> ---------------------------------------------------------------
>
>                 Key: HADOOP-15006
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15006
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs/s3, kms
>            Reporter: Steve Moist
>            Priority: Minor
>         Attachments: S3-CSE Proposal.pdf
>
>
> This is for the proposal to introduce Client Side Encryption to S3 in such a way that it can leverage HDFS transparent encryption, use the Hadoop KMS to manage keys, use the `hdfs crypto` command line tools to manage encryption zones in the cloud, and enable distcp to copy from HDFS to S3 (and vice-versa) with data still encrypted.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
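
The length behaviour the comment contrasts (AES/CTR/NoPadding versus AES/CBC/PKCS5Padding), shown with the standard `javax.crypto` API. This is an added example, not the prototype mentioned in the comment and not Hadoop code; the class name, throwaway keys and sample sizes are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class CipherLengthDemo {  // hypothetical class name
    // Encrypts under a fresh random key and IV with the given transformation,
    // verifies the decrypt round trip, and returns the ciphertext length.
    static int ciphertextLength(String transformation, byte[] plaintext) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[16];  // constructed throwaway AES-128 key
        byte[] iv = new byte[16];   // CBC IV, or CTR initial counter block
        rng.nextBytes(key);
        rng.nextBytes(iv);
        SecretKeySpec k = new SecretKeySpec(key, "AES");

        Cipher enc = Cipher.getInstance(transformation);
        enc.init(Cipher.ENCRYPT_MODE, k, new IvParameterSpec(iv));
        byte[] ct = enc.doFinal(plaintext);

        Cipher dec = Cipher.getInstance(transformation);
        dec.init(Cipher.DECRYPT_MODE, k, new IvParameterSpec(iv));
        if (!Arrays.equals(plaintext, dec.doFinal(ct))) {
            throw new IllegalStateException("round trip failed for " + transformation);
        }
        return ct.length;
    }

    public static void main(String[] args) throws Exception {
        int[] sizes = {0, 1, 15, 16, 17, 4096, 1_000_003};  // constructed sample object sizes
        System.out.printf("%10s %12s %12s%n", "plaintext", "CTR", "CBC/PKCS5");
        for (int n : sizes) {
            byte[] pt = new byte[n];
            int ctr = ciphertextLength("AES/CTR/NoPadding", pt);
            int cbc = ciphertextLength("AES/CBC/PKCS5Padding", pt);
            // CTR turns AES into a stream cipher: the length is preserved exactly.
            if (ctr != n) throw new AssertionError("CTR changed the length");
            // PKCS5 always appends 1..16 bytes, so CBC rounds up to the next full block.
            if (cbc != (n / 16 + 1) * 16) throw new AssertionError("unexpected CBC length");
            System.out.printf("%10d %12d %12d%n", n, ctr, cbc);
        }
    }
}
```

With CTR the stored object is the same size as the plaintext for every input, while CBC with PKCS5 padding grows even block-aligned inputs by a full 16 bytes.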