[
https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14052576#comment-14052576
]
Alejandro Abdelnur commented on HADOOP-10719:
---------------------------------------------
Some corrections:
* DEK/EDEK constants should be renamed EK/EEK. We should not assume they will
be used to encrypt only data. javadocs should not refer to data encryption key
but encryption key.
* The {{EncryptedKeyVersion}} inner class should be an inner class of the
{{KeyProviderCryptoExtension}}, not of the {{CryptoExtension}} interface; it
should be made static as well.
* The constructor of the {{DefaultCryptoExtension}} should be made private.
* The extension method names in the {{KeyProviderCryptoExtension}} should match
the method names of the {{CryptoExtension}} interface. Also, they should have
the same javadocs.
* The {{createKeyProviderCryptoExtension}} impl will be simpler doing:
{code}
public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(
    KeyProvider keyProvider) {
  CryptoExtension cryptoExtension = (keyProvider instanceof CryptoExtension)
      ? (CryptoExtension) keyProvider
      : new DefaultCryptoExtension(keyProvider);
  return new KeyProviderCryptoExtension(keyProvider, cryptoExtension);
}
{code}
* The {{createKeyProviderCryptoExtension}} needs javadocs.
* The {{Configuration}} is not needed for creating the extensions. Though,
{{KeyProvider}} should expose the configuration used for its creation for
extensions to be able to get config from there (please open a JIRA for this).
* The test for the {{KeyProviderCryptoExtension}} should be in its own test
class.
After all this is addressed we are good to go.
> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
> Key: HADOOP-10719
> URL: https://issues.apache.org/jira/browse/HADOOP-10719
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Attachments: HADOOP-10719.1.patch, HADOOP-10719.2.patch,
> HADOOP-10719.3.patch, HADOOP-10719.3.patch, HADOOP-10719.patch,
> HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch
>
>
> This is a follow up on
> [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion
> encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with
> 0xff the original IV).
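
Added example (not part of the JIRA comment or of the Hadoop patch): the generateEncryptedKey / decryptEncryptedKey pair from the issue description, with the IV XORed with 0xff before it is used to encrypt a freshly generated key. The class name, passing raw key material in place of a key version name lookup, returning the plaintext key alongside the encrypted one, and the choice of AES/CTR/NoPadding are assumptions.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; names and cipher choice are assumptions, not Hadoop code.
public class EncryptedKeyExample {
  private static final SecureRandom RANDOM = new SecureRandom();

  // The "known transformation" from the issue description: XOR each IV byte with 0xff.
  static byte[] flipIV(byte[] iv) {
    byte[] out = new byte[iv.length];
    for (int i = 0; i < iv.length; i++) out[i] = (byte) (iv[i] ^ 0xff);
    return out;
  }

  // Encrypts or decrypts under the key version material using the transformed IV.
  private static byte[] crypt(int mode, byte[] keyMaterial, byte[] iv, byte[] in)
      throws Exception {
    Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
    cipher.init(mode, new SecretKeySpec(keyMaterial, "AES"),
        new IvParameterSpec(flipIV(iv)));
    return cipher.doFinal(in);
  }

  // Returns {ek, eek}: a fresh random key and its encrypted form.
  static byte[][] generateEncryptedKey(byte[] keyMaterial, byte[] iv) throws Exception {
    byte[] ek = new byte[keyMaterial.length];
    RANDOM.nextBytes(ek);
    return new byte[][] {ek, crypt(Cipher.ENCRYPT_MODE, keyMaterial, iv, ek)};
  }

  static byte[] decryptEncryptedKey(byte[] keyMaterial, byte[] iv, byte[] eek)
      throws Exception {
    return crypt(Cipher.DECRYPT_MODE, keyMaterial, iv, eek);
  }

  public static void main(String[] args) throws Exception {
    byte[] keyMaterial = new byte[16];  // constructed sample key version material
    byte[] iv = new byte[16];           // constructed sample IV
    RANDOM.nextBytes(keyMaterial);
    RANDOM.nextBytes(iv);
    byte[][] pair = generateEncryptedKey(keyMaterial, iv);
    byte[] recovered = decryptEncryptedKey(keyMaterial, iv, pair[1]);
    if (!Arrays.equals(pair[0], recovered)) throw new AssertionError("round trip failed");
    System.out.println("EEK round trip OK, EEK length = " + pair[1].length);
  }
}
```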