[ https://issues.apache.org/jira/browse/CASSANDRA-9633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15674998#comment-15674998 ]
Jason Brown commented on CASSANDRA-9633:
----------------------------------------

bq. There appears to be a bit of a stall on this ticket

Yeah, I've been pulled in a couple of different directions lately. TBH, the work here is about 85-90% done, last I remember. I was just testing out a great many things.

Adding compression does make the blob passed into encryption smaller, which is why I chose it (also based on previous interactions with security folks). Making it an option is certainly reasonable. Supporting compression is already easy enough - I've already done it ;).

bq. Supporting cipher modes that don't use IVs allows

I agree with this in general, and for most existing ciphers. However, allowing a variable length IV (per algo/key), plus [~bdeggleston]'s comment "The cipher should be reinitialized with a fresh iv for each chunk" actually made things a lot cleaner, but was a lot of work (which is what I was testing when I got diverted).

I'll see if I can scrape together some time in the next week or two to rebase and continue this work.

> Add ability to encrypt sstables
> -------------------------------
>
>                 Key: CASSANDRA-9633
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9633
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: encryption, security, sstable
>             Fix For: 3.x
>
>
> Add option to allow encrypting of sstables.
> I have a version of this functionality built on cassandra 2.0 that
> piggy-backs on the existing sstable compression functionality and ICompressor
> interface (similar in nature to what DataStax Enterprise does). However, if
> we're adding the feature to the main OSS product, I'm not sure if we want to
> use the pluggable compression framework or if it's worth investigating a
> different path. I think there's a lot of upside in reusing the sstable
> compression scheme, but perhaps add a new component in cqlsh for table
> encryption and a corresponding field in CFMD.
> Encryption configuration in the yaml can use the same mechanism as
> CASSANDRA-6018 (which is currently pending internal review).
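
The per-chunk scheme discussed in the comment above (compress each chunk, then encrypt it under a fresh IV whose length is stored with the chunk), as an added example that is not code from the ticket or from Cassandra. AES-GCM, Deflate, the 12-byte IV, the one-byte length prefix and the class and method names are assumptions made here; it needs Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.InflaterInputStream;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration, not Cassandra code. Assumed chunk layout: [ivLen:1][iv][ciphertext+tag]
public class ChunkCryptoDemo {
    private static final SecureRandom RNG = new SecureRandom();

    static byte[] encryptChunk(SecretKey key, byte[] plain) throws Exception {
        // Compress first: encrypted bytes do not compress, so the order matters.
        ByteArrayOutputStream packed = new ByteArrayOutputStream();
        try (DeflaterOutputStream z = new DeflaterOutputStream(packed)) { z.write(plain); }
        byte[] iv = new byte[12]; // assumed size; stored per chunk, so it can vary per algorithm/key
        RNG.nextBytes(iv);        // fresh IV for every chunk
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(packed.toByteArray());
        return ByteBuffer.allocate(1 + iv.length + ct.length).put((byte) iv.length).put(iv).put(ct).array();
    }

    static byte[] decryptChunk(SecretKey key, byte[] chunk) throws Exception {
        int ivLen = chunk[0] & 0xff; // IV length is read from the chunk, not hard-coded
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, chunk, 1, ivLen));
        byte[] packed = c.doFinal(chunk, 1 + ivLen, chunk.length - 1 - ivLen); // throws if modified
        try (InflaterInputStream z = new InflaterInputStream(new ByteArrayInputStream(packed))) {
            return z.readAllBytes();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] row = "constructed sample row data ".repeat(40).getBytes(StandardCharsets.UTF_8);
        byte[] a = encryptChunk(key, row), b = encryptChunk(key, row);
        System.out.println("plain=" + row.length + " stored=" + a.length);
        System.out.println("same input, different stored bytes: " + !Arrays.equals(a, b));
        System.out.println("round trip ok: " + Arrays.equals(row, decryptChunk(key, a)));
    }
}
```

Because each chunk carries its own IV and authentication tag, a reader can decrypt any single chunk without touching its neighbours, which matches how compressed sstable chunks are read.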