hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dapeng Sun (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16463) Improve transparent table/CF encryption with Commons Crypto
Date Fri, 23 Sep 2016 08:40:21 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15515808#comment-15515808

Dapeng Sun commented on HBASE-16463:

Thank [~ram_krish] for your comments.
{quote} I think this change looks harmless in terms of impl as it is implementing existing
interfaces.  {quote}
Yes, the impl would be harmless.
This version is the updated stable release version available? 
Yes, this is a stable release, Spark shuffle encryption is using it.
What is the procedure if the cluster has to be upgraded from AES to the new commons cryto?
Major compaction should be run before using the new algo?
The encrypted result would be same when AES and CRYPTO are using same mode (eg. AES/CTR/NoPadding),
there wouldn't have issue of data compatibility. I think the procedure would be updating the
configuration, and restarting service or reloading configuration.
 public static final String RNG_ALGORITHM_KEY = "hbase.crypto.algorithm.rng";
60	  public static final String RNG_PROVIDER_KEY = "hbase.crypto.algorithm.rng.provider";
these config keys can be moved to the Cipher abstract class if the existing AES cipher also
uses the same key. Same with IV_LENGTH, BLOCK_SIZE etc.
Good suggestion, I will update it on next patch.

> Improve transparent table/CF encryption with Commons Crypto
> -----------------------------------------------------------
>                 Key: HBASE-16463
>                 URL: https://issues.apache.org/jira/browse/HBASE-16463
>             Project: HBase
>          Issue Type: New Feature
>          Components: encryption
>    Affects Versions: 2.0.0
>            Reporter: Dapeng Sun
>         Attachments: HBASE-16463.001.patch, HBASE-16463.002.patch, HBASE-16463.003.patch
> Apache Commons Crypto (https://commons.apache.org/proper/commons-crypto/index.html) is
a cryptographic library optimized with AES-NI.
> HBASE-7544 introduces a framework for transparent encryption feature for protecting HFile
and WAL data at rest. Currently JCE cipher is used bu default, the improvement will use Commons
Crypto to accelerate the transparent encryption of HBase. new crypto provider with Commons
CRYPTO will be provided for Transparent encryption.

This message was sent by Atlassian JIRA

View raw message