hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Charles Lamb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6724) Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream
Date Thu, 24 Jul 2014 22:59:39 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073797#comment-14073797
] 

Charles Lamb commented on HDFS-6724:
------------------------------------

Hi [~andrew.wang],

I only have a few little nits. In general I'm +1, but I'd like to hear what Yi has to say.

DFSUtil.java:

{code}
@throws java.io.IOException.
{code}

You don't need java.io. since it's imported.

KeyProviderCryptoExtension.java:

{code}
     * @param encryptedKeyIv           Initialization vector of the encrypted
     *                                 key. The IV of the encryption key used to
     *                                 encrypt the encrypted key is derived from
     *                                 this IV.
{code}

In this comment would it be possible to add the word "data" as in "data encryption key" to
help clarify the difference between the two keys? I realize you've already got "encrypted"
and "encryption", but that's a subtle difference and likely to be lost on an unfamiliar reader.

TestEncryptionZones.java:

I don't see a lot of System.out.printlns in unit tests. I suppose it's because it's harder
to find the output. Would it be more vogue to use logging?


> Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream
> -----------------------------------------------------------------
>
>                 Key: HDFS-6724
>                 URL: https://issues.apache.org/jira/browse/HDFS-6724
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Andrew Wang
>         Attachments: hdfs-6724.001.patch
>
>
> In DFSClient, we need to decrypt EDEK before creating CryptoInputStream/CryptoOutputStream,
currently edek is used directly.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message