hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mate Szalay-Beko (Jira)" <j...@apache.org>
Subject [jira] [Created] (HBASE-25304) Support AES-192 and AES-256 in DefaultCipherProvider
Date Wed, 18 Nov 2020 16:59:00 GMT
Mate Szalay-Beko created HBASE-25304:

             Summary: Support AES-192 and AES-256 in DefaultCipherProvider
                 Key: HBASE-25304
                 URL: https://issues.apache.org/jira/browse/HBASE-25304
             Project: HBase
          Issue Type: Improvement
          Components: encryption
            Reporter: Mate Szalay-Beko
            Assignee: Mate Szalay-Beko

The DefaultCipherProvider currently supports AES-128. In some security policies (such as the
Application Security and Development STIG), AES-256 is required in certain situations.

I want to add AES-192 and AES-256 support. I quickly tried to implement this as part of HBASE-25263,
but after 1-2 days I realized that it worths a separate task in Jira. The main challenge is
that the key length and the algorithm needs to be decoupled in the code, and also some more
tests need to be added to make sure we are backward-compatible and also supporting AES-192
and AES-256.

Beside defining a new algorithm and key on the Java API, I also want to make the usage of
e.g. AES-256 in the shell, like:
create 'test', {NAME => 'cf', ENCRYPTION => 'AES-256', ENCRYPTION_KEY => 'mysecret'}

Also we should support AES-192 and AES-256 in master encryption keys. And we need to document
how the users can configure / use it.

This message was sent by Atlassian Jira

View raw message