hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-10062) Store the encrypted data length in the block encryption header instead of plaintext length
Date Mon, 02 Dec 2013 07:43:35 GMT
Andrew Purtell created HBASE-10062:
--------------------------------------

             Summary: Store the encrypted data length in the block encryption header instead
of plaintext length
                 Key: HBASE-10062
                 URL: https://issues.apache.org/jira/browse/HBASE-10062
             Project: HBase
          Issue Type: Improvement
            Reporter: Andrew Purtell
            Assignee: Andrew Purtell
            Priority: Minor
             Fix For: 0.98.0


After HBASE-7544, if an HFile belongs to an encrypted family, it is encrypted on a per block
basis. The encrypted blocks include the following header:
{noformat}
      // +--------------------------+
      // | vint plaintext length    |
      // +--------------------------+
      // | vint iv length           |
      // +--------------------------+
      // | iv data ...              |
      // +--------------------------+
      // | encrypted block data ... |
      // +--------------------------+
{noformat}

The reason for storing the plaintext length is so we can create an encryption stream over
the encrypted block data and, no matter the internal details of the crypto algorithm (whether
it adds padding, etc.) after reading the expected plaintext bytes we know the reader is finished.
However my colleague Jerry Chen pointed out today this construction mandates the block be
processed exactly that way. Storing and using the encrypted data length instead could provide
more implementation flexibility down the road.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message