[ https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050823#comment-14050823 ]
Andrew Wang commented on HADOOP-10719:
--------------------------------------

Hi Arun, thanks for working on this patch. Had a few review comments:

* If we're targeting trunk rather than the fs-encryption branch with this, we don't have CryptoCodec. I think tucu stubbed this out in an earlier patch.
* I don't understand the second factory method in KPCE, why do we do the if+cast? I think tucu wanted you to do this in the other factory method, createKPCE(KeyProvider, conf) to avoid the default KPCE.
* Seems like we're going to have a hard time with multiple extension interfaces, i.e. if we wanted to put the proposed delegation token methods in KPDelegationTokenExtension (HADOOP-10769). Any thoughts there? One idea is to do something with composition and multiple interfaces. Each implementing class could hold an instance of DefaultCryptoExtension and defer to that.

Nits:
* Some lines longer than 80 chars
* typos: "Cytographic", "KeyProvider. that", "KeyProvidetExtension"
* Could delete the last empty line in your javadocs
* "provide an implementation for" is a hanging participle, could say "This is a marker interface for the implementing KeyProviderExtension to implement."
* slightly weird line-breaking in KPCE for flipIV

> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10719
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10719
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10719.1.patch, HADOOP-10719.2.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch
>
>
> This is a follow up on [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with 0xff the original IV).

--
This message was sent by Atlassian JIRA
(v6.2#6252)
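
A sketch of the two methods named in the issue description, added here as an example; it is not code from the HADOOP-10719 patch. Assumptions: AES/CTR/NoPadding as the cipher, raw `byte[]` in place of `KeyVersion`, key-version material passed in directly instead of being resolved from `keyVersionName`, and the class name `EncryptedKeySketch`.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration, not Hadoop code. Assumed: AES/CTR/NoPadding, byte[] instead
// of KeyVersion, key-version material supplied directly rather than looked up by name.
public class EncryptedKeySketch {
    private static final SecureRandom RNG = new SecureRandom();

    // The "known transformation" from the issue text: XOR every IV byte with 0xff.
    static byte[] flipIV(byte[] iv) {
        byte[] out = new byte[iv.length];
        for (int i = 0; i < iv.length; i++) out[i] = (byte) (iv[i] ^ 0xff);
        return out;
    }

    static byte[] aesCtr(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    // Creates a fresh data key and returns it only in encrypted form,
    // wrapped under the key-version material with the transformed IV.
    static byte[] generateEncryptedKey(byte[] keyVersionMaterial, byte[] iv) throws Exception {
        byte[] dataKey = new byte[keyVersionMaterial.length]; // assumed: same length as the wrapping key
        RNG.nextBytes(dataKey);
        byte[] wrapped = aesCtr(Cipher.ENCRYPT_MODE, keyVersionMaterial, flipIV(iv), dataKey);
        Arrays.fill(dataKey, (byte) 0); // wipe the local plaintext copy
        return wrapped;
    }

    // Recovers the data key; it has to apply the same IV transformation as generation.
    static byte[] decryptEncryptedKey(byte[] keyVersionMaterial, byte[] iv, byte[] encryptedKey) throws Exception {
        return aesCtr(Cipher.DECRYPT_MODE, keyVersionMaterial, flipIV(iv), encryptedKey);
    }

    public static void main(String[] args) throws Exception {
        byte[] kek = new byte[16], iv = new byte[16]; // constructed sample values
        RNG.nextBytes(kek); RNG.nextBytes(iv);
        byte[] edek = generateEncryptedKey(kek, iv);
        byte[] dek = decryptEncryptedKey(kek, iv, edek);
        // Re-wrapping the recovered key with the flipped IV must reproduce the encrypted key.
        boolean roundTrip = Arrays.equals(aesCtr(Cipher.ENCRYPT_MODE, kek, flipIV(iv), dek), edek);
        // Decrypting with the caller's IV as-is (no flip) yields different bytes.
        boolean unflippedMatches = Arrays.equals(aesCtr(Cipher.DECRYPT_MODE, kek, iv, edek), dek);
        System.out.println("roundTrip=" + roundTrip + " unflippedMatches=" + unflippedMatches);
    }
}
```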