[ 
https://issues.apache.org/jira/browse/CASSANDRA-9945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14648342#comment-14648342
 ] 

Jason Brown commented on CASSANDRA-9945:
----------------------------------------

Added link to the branch up on GitHub (see above).

NOTE: to test this code (there's only one test class for this submission), you 
need to have the Java Cryptography Extension (JCE) Unlimited Strength 
Jurisdiction Policy Files 8 installed. It's a jar that can be downloaded from 
Oracle (current link: 
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html).

Highlights of patch:
- created new yaml section called "transparent_data_encryption_options". The 
config allows users to set the name of the keystore as well as the key (alias) 
within the keystore to use. This allows multiple keys to be used from the same 
store, and further allows users to migrate keys (see later). 
- added CipherFactory as a proxy for loading and caching keys in memory, as 
well as getting instances of Ciphers (using the loaded keys).
- KeyProvider interface allows keys to either be loaded from a local keystore 
(via the default implementation, JKSKeyProvider), or to be loaded from a custom 
source. We need that functionality at $DAY_JOB, hence the reason for the 
pluggable implementation.



> Add transparent data encryption core classes
> --------------------------------------------
>
>                 Key: CASSANDRA-9945
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9945
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: encryption
>             Fix For: 3.0 beta 1
>
>
> This patch will add the core infrastructure classes necessary for transparent 
> data encryption (file-level encryption), as required for CASSANDRA-6018 and 
> CASSANDRA-9633.  The phrase "transparent data encryption", while not the most 
> aesthetically pleasing, seems to be used throughout the database industry 
> (Oracle, SQL Server, Datastax Enterprise) to describe file level encryption, 
> so we're going with that, as well. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
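
The design in the comment above (keys selected by alias from one keystore, a pluggable key source, and a factory that caches keys and returns ready Ciphers) can be sketched as follows. This is an added example, not code from the patch or the Cassandra project: the class and method names, the aliases, the password, the in-memory JCEKS store and the choice of AES-GCM are all assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.concurrent.ConcurrentHashMap;

public class TdeSketch {
    // Hypothetical pluggable key source; the name mirrors the comment, the signature is assumed.
    interface KeyProvider { SecretKey getSecretKey(String alias) throws GeneralSecurityException; }
    // Resolves an alias against an opened KeyStore, so one store can hold several keys.
    static KeyProvider fromKeyStore(KeyStore store, char[] keyPassword) {
        return alias -> {
            Key k = store.getKey(alias, keyPassword);
            if (!(k instanceof SecretKey)) throw new KeyStoreException("no secret key: " + alias);
            return (SecretKey) k;
        };
    }
    // Loads each key once, caches it by alias, and hands out initialised Ciphers.
    static class CipherFactory {
        private final KeyProvider provider;
        private final ConcurrentHashMap<String, SecretKey> cache = new ConcurrentHashMap<>();
        CipherFactory(KeyProvider provider) { this.provider = provider; }
        Cipher cipher(int mode, String alias, byte[] iv) throws GeneralSecurityException {
            SecretKey key = cache.get(alias);
            if (key == null) { key = provider.getSecretKey(alias); cache.put(alias, key); }
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, key, new GCMParameterSpec(128, iv)); // 128-bit authentication tag
            return c;
        }
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray(); // constructed sample value
        KeyStore ks = KeyStore.getInstance("JCEKS");       // built in memory, never written out
        ks.load(null, pw);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128); // 128-bit keys also work where the unlimited-strength policy is absent
        for (String alias : new String[] {"key-old", "key-new"}) // constructed aliases
            ks.setEntry(alias, new KeyStore.SecretKeyEntry(gen.generateKey()), new KeyStore.PasswordProtection(pw));
        CipherFactory factory = new CipherFactory(fromKeyStore(ks, pw));
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh IV for every encryption under a given key
        byte[] ct = factory.cipher(Cipher.ENCRYPT_MODE, "key-old", iv)
                           .doFinal("constructed sample data".getBytes(StandardCharsets.UTF_8));
        // Data written under key-old stays readable as long as its alias is kept with it.
        byte[] pt = factory.cipher(Cipher.DECRYPT_MODE, "key-old", iv).doFinal(ct);
        System.out.println(new String(pt, StandardCharsets.UTF_8));
        try { factory.cipher(Cipher.DECRYPT_MODE, "key-new", iv).doFinal(ct); }
        catch (AEADBadTagException e) { System.out.println("key-new rejects key-old data"); }
    }
}
```

Storing the alias and IV next to each encrypted file is what lets two keys from the same store coexist: new writes can switch to a different alias while older files are still decrypted with the key they name.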
