[ https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050823#comment-14050823 ]

Andrew Wang commented on HADOOP-10719:
--------------------------------------

Hi Arun, thanks for working on this patch. Had a few review comments:

* If we're targeting trunk rather than the fs-encryption branch with this, we 
don't have CryptoCodec. I think tucu stubbed this out in an earlier patch.
* I don't understand the second factory method in KPCE, why do we do the 
if+cast? I think tucu wanted you to do this in the other factory method, 
createKPCE(KeyProvider, conf) to avoid the default KPCE.
* Seems like we're going to have a hard time with multiple extension 
interfaces, i.e. if we wanted to put the proposed delegation token methods in 
KPDelegationTokenExtension (HADOOP-10769). Any thoughts there? One idea is to 
do something with composition and multiple interfaces. Each implementing class 
could hold an instance of DefaultCryptoExtension and defer to that.

Nits:
* Some lines longer than 80 chars
* typos: "Cytographic", "KeyProvider. that", "KeyProvidetExtension"
* Could delete the last empty line in your javadocs
* "provide an implementation for" is a hanging participle, could say "This is a 
marker interface for the implementing KeyProviderExtension to implement."
* slightly weird line-breaking in KPCE for flipIV

> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10719
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10719
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10719.1.patch, HADOOP-10719.2.patch, 
> HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, 
> HADOOP-10719.patch, HADOOP-10719.patch
>
>
> This is a follow up on 
> [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion 
> encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with 
> 0xff the original IV).



--
This message was sent by Atlassian JIRA
(v6.2#6252)
