hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaomeng Huang (JIRA)" <j...@apache.org>
Subject [jira] [Work started] (HIVE-7934) Improve column level encryption with key management
Date Fri, 05 Sep 2014 03:18:23 GMT

     [ https://issues.apache.org/jira/browse/HIVE-7934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Work on HIVE-7934 started by Xiaomeng Huang.
--------------------------------------------
> Improve column level encryption with key management
> ---------------------------------------------------
>
>                 Key: HIVE-7934
>                 URL: https://issues.apache.org/jira/browse/HIVE-7934
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>            Priority: Minor
>
> Now HIVE-6329 is a framework of column level encryption/decryption. But the implementation
in HIVE-6329 is just use Base64, it is not safe and have some problems:
> Base64WriteOnly can just get the ciphertext from client for any users. And Base64Rewriter
can just get plaintext from client for any users.
> I have an improvement based on HIVE-7934 using key management.
> {code}
> -- region-aes-column.q
> set hive.encrypt.key=123456789;
> set hive.encrypt.iv=123456; 
> drop table region_aes_column;
> create table region_aes_column (r_regionkey int, r_name string) ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe'
>   WITH SERDEPROPERTIES ('column.encode.columns'='r_name', 'column.encode.classname'='org.apache.hadoop.hive.serde2.aes.AESRewriter')

>   STORED AS TEXTFILE;
> insert overwrite table region_aes_column 
> select 
>   r_regionkey, r_name
> from region;
> hive> select * from region_aes_column;
> OK
> 0	/q5RTO1X
> 1	/qVGV+dV3g==
> 2	/rtKRA==
> 3	+r1RSv5T
> 4	8qFHQeJTvxWUadw=
> Time taken: 0.666 seconds, Fetched: 5 row(s)
> hive> set hive.encrypt.key=123456789;
> hive> set hive.encrypt.iv=123456;
> hive> select * from region_aes_column;
> OK
> 0	AFRICA
> 1	AMERICA
> 2	ASIA
> 3	EUROPE
> 4	MIDDLE EAST
> Time taken: 0.714 seconds, Fetched: 5 row(s)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message