[ https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050889#comment-14050889 ]

Alejandro Abdelnur edited comment on HADOOP-10719 at 7/3/14 12:02 AM:
----------------------------------------------------------------------

Actually, I think we can go simple here, we do not compose extensions, we 
simply use multiple extensions:

{code}
KP kp = KP.findProvider();
KPExtensionA kpea = new KPExtensionA(kp);
KPExtensionB kpeb = new KPExtensionB(kp);
{code}
When we need functionality from {{KPExtensionA}} we use {{kpea}}, and when we 
need functionality from {{KPExtensionB}} we use {{kpeb}}.

The assumption here is that extensions provide disjoint functionality. For the 
cases where extensions are built on top of each other, then the extension 
constructor should reflect this contract using the concrete key provider 
extension it requires.

Thoughts?




was (Author: tucu00):
Actually, I think we can go simple here, we do not compose extensions, we 
simply use multiple extensions:

{code}
KP kp = KP.findProvider();
KPExtensionA kpea = new KPExtensionA(kp);
KPExtensionB kpeb = new KPExtensionB(kp);

When we need functionality from {{KPExtensionA}} we use {{kpea}}, and when we 
need functionality from {{KPExtensionB}} we use {{kpeb}}.

The assumption here is that extensions provide disjoint functionality. For the 
cases where extensions are built on top of each other, then the extension 
constructor should reflect this contract using the concrete key provider 
extension it requires.

Thoughts?



> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10719
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10719
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10719.1.patch, HADOOP-10719.2.patch, 
> HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, 
> HADOOP-10719.patch, HADOOP-10719.patch
>
>
> This is a follow up on 
> [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion 
> encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with 
> 0xff the original IV).
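
An added sketch of the pattern discussed in this thread, not code from the JIRA issue or from Hadoop: two disjoint extensions wrap the same provider, and a third one built on top of the first takes the concrete extension in its constructor. All class and method names other than `generateEncryptedKey` and `decryptEncryptedKey` are hypothetical. Assumptions: `byte[]` stands in for `KeyVersion`, AES/CTR is the cipher, and the keys and IV are constructed toy values.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ExtensionSketch {  // hypothetical names throughout, not Hadoop's classes
  interface KP { byte[] getKey(String keyVersionName); }  // stand-in base provider
  static class CryptoExt {  // extension A: wraps a KP, adds the two methods from the issue
    private final KP kp;
    CryptoExt(KP kp) { this.kp = kp; }
    byte[] crypt(int mode, String name, byte[] iv, byte[] in) throws Exception {
      byte[] flipped = iv.clone();  // known IV transformation: xor each byte with 0xff
      for (int i = 0; i < flipped.length; i++) flipped[i] ^= (byte) 0xff;
      Cipher c = Cipher.getInstance("AES/CTR/NoPadding");  // cipher choice is an assumption
      c.init(mode, new SecretKeySpec(kp.getKey(name), "AES"), new IvParameterSpec(flipped));
      return c.doFinal(in);
    }
    byte[] generateEncryptedKey(String name, byte[] iv) throws Exception {
      byte[] fresh = new byte[16];
      new SecureRandom().nextBytes(fresh);
      return crypt(Cipher.ENCRYPT_MODE, name, iv, fresh);
    }
    byte[] decryptEncryptedKey(String name, byte[] iv, byte[] enc) throws Exception {
      return crypt(Cipher.DECRYPT_MODE, name, iv, enc);
    }
  }
  static class InfoExt {  // extension B: disjoint from A, so it wraps the same plain KP
    private final KP kp;
    InfoExt(KP kp) { this.kp = kp; }
    int keyBits(String name) { return kp.getKey(name).length * 8; }
  }
  static class RewrapExt {  // built on top of A: constructor requires CryptoExt, not a KP
    private final CryptoExt a;
    RewrapExt(CryptoExt a) { this.a = a; }
    byte[] rewrap(String from, String to, byte[] iv, byte[] enc) throws Exception {
      return a.crypt(Cipher.ENCRYPT_MODE, to, iv, a.decryptEncryptedKey(from, iv, enc));
    }
  }
  public static void main(String[] args) throws Exception {
    KP kp = name -> Arrays.copyOf(name.getBytes(), 16);  // constructed toy key material
    CryptoExt kpea = new CryptoExt(kp);
    InfoExt kpeb = new InfoExt(kp);
    byte[] iv = new byte[16];  // constructed IV
    byte[] enc = kpea.generateEncryptedKey("k@0", iv);
    byte[] moved = new RewrapExt(kpea).rewrap("k@0", "k@1", iv, enc);
    System.out.println(Arrays.equals(kpea.decryptEncryptedKey("k@0", iv, enc),
        kpea.decryptEncryptedKey("k@1", iv, moved)) + " " + kpeb.keyBits("k@1"));
  }
}
```

Passing a bare `KP` to `RewrapExt` fails at compile time, which is the contract the constructor is meant to express.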


