hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaomeng Huang (JIRA)" <>
Subject [jira] [Commented] (HIVE-6329) Support column level encryption/decryption
Date Wed, 27 Aug 2014 07:55:00 GMT


Xiaomeng Huang commented on HIVE-6329:

Hi, Navis
I agree with your patch is a framework of column level encryption/decryption. I am curious
if you use Base64WriteOnly to encode your values, then how to get the plaintext? And now Base64Rewriter
just get the plaintext instread of ciphertext from client, right?
 I have an idea to improve it: we use keymanagement to do encode/decode in Rewriter. And the
path of key in local will set to configuration instead of SERDEPROPERTIES. User1 use the key1
to encode values when instert data and the values of these colums will be encoded in HDFS.
User2 want to scan the tables, if he has key1, he can decode the value successfully and get
the plaintext. Otherwise, if he has no key or a wrong key, he will decode failed and just
get the ciphertext.
If this approach make sense to you. I want to create a jira to improve it via keymanagement
based on this jira.

> Support column level encryption/decryption
> ------------------------------------------
>                 Key: HIVE-6329
>                 URL:
>             Project: Hive
>          Issue Type: New Feature
>          Components: Security, Serializers/Deserializers
>            Reporter: Navis
>            Assignee: Navis
>            Priority: Minor
>         Attachments: HIVE-6329.1.patch.txt, HIVE-6329.10.patch.txt, HIVE-6329.11.patch.txt,
HIVE-6329.2.patch.txt, HIVE-6329.3.patch.txt, HIVE-6329.4.patch.txt, HIVE-6329.5.patch.txt,
HIVE-6329.6.patch.txt, HIVE-6329.7.patch.txt, HIVE-6329.8.patch.txt, HIVE-6329.9.patch.txt
> Receiving some requirements on encryption recently but hive is not supporting it. Before
the full implementation via HIVE-5207, this might be useful for some cases.
> {noformat}
> hive> create table encode_test(id int, name STRING, phone STRING, address STRING)

>     > ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe' 
>     > WITH SERDEPROPERTIES ('column.encode.columns'='phone,address', 'column.encode.classname'='org.apache.hadoop.hive.serde2.Base64WriteOnly')
> OK
> Time taken: 0.584 seconds
> hive> insert into table encode_test select 100,'navis','010-0000-0000','Seoul, Seocho'
from src tablesample (1 rows);
> ......
> OK
> Time taken: 5.121 seconds
> hive> select * from encode_test;
> OK
> 100	navis	  MDEwLTAwMDAtMDAwMA==	U2VvdWwsIFNlb2Nobw==
> Time taken: 0.078 seconds, Fetched: 1 row(s)
> hive> 
> {noformat}

This message was sent by Atlassian JIRA

View raw message