[
https://issues.apache.org/jira/browse/FLUME-1424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443895#comment-13443895
]
Mike Percy commented on FLUME-1424:
-----------------------------------
Following is a proposal for the File Channel encryption design:
* Build on top of FLUME-1487 (FileChannel format needs to be extensible) and
store the relevant encryption metadata at a log file level.
** Record the encryption scheme used
* Make the encryption/decryption mechanism pluggable (the scope of this JIRA is
a set of interfaces and a single implementation).
* Cipher: I believe symmetric encryption makes sense for this implementation;
asymmetric encryption is too slow. If using a block cipher
("AES/CBC/PKCS5Padding" seems like a reasonable choice), ensure that the data
in the cipher buffer gets flushed any time the log file is synced, using e.g.
[Cipher.doFinal()|http://docs.oracle.com/javase/6/docs/api/javax/crypto/Cipher.html#doFinal(java.nio.ByteBuffer, java.nio.ByteBuffer)]
* Keystore: this implementation can assume jceks. The password to the KeyStore
should likely live in its own plaintext file (this being preferable to storing
it in the configuration file).
* Expose any options that will operate correctly via the Flume configuration
file; don't allow option values that don't make any sense or will cause
security issues or confusion.
> File Channel should support encryption
> --------------------------------------
>
> Key: FLUME-1424
> URL: https://issues.apache.org/jira/browse/FLUME-1424
> Project: Flume
> Issue Type: Bug
> Reporter: Arvind Prabhakar
> Assignee: Arvind Prabhakar
>
> When persisting the data to disk, the File Channel should allow some form of
> encryption to ensure safety of data.
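
The proposal in the comment above, sketched as an added example (not part of the original comment and not Flume's code): the key is loaded from a JCEKS keystore whose password sits in its own file, and the data buffered since the last sync is sealed with doFinal(). The class name, the alias "key-0", the file names, the demo password and the IV-prefixed segment layout are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.Arrays;

public class FileChannelCryptoSketch { // hypothetical class name
    static final String SCHEME = "AES/CBC/PKCS5Padding"; // scheme to record in log-file metadata
    // Load the AES key from a JCEKS keystore; the password is read from its own file.
    static SecretKey loadKey(Path keyStore, Path passwordFile, String alias) throws Exception {
        char[] pw = new String(Files.readAllBytes(passwordFile), StandardCharsets.UTF_8)
                .trim().toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(keyStore)) { ks.load(in, pw); }
        Key k = ks.getKey(alias, pw); // demo assumes key password == store password
        Arrays.fill(pw, '\0');        // do not keep the password in memory longer than needed
        if (!(k instanceof SecretKey)) throw new KeyStoreException("no secret key at " + alias);
        return (SecretKey) k;
    }
    // Called at sync time: encrypt everything buffered since the last sync as one unit.
    // doFinal() flushes the cipher's internal buffer and writes the final padded block.
    static byte[] sealSegment(SecretKey key, byte[] buffered) throws Exception {
        Cipher c = Cipher.getInstance(SCHEME);
        c.init(Cipher.ENCRYPT_MODE, key); // the provider generates a fresh random IV
        byte[] iv = c.getIV(), ct = c.doFinal(buffered);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length); // assumed layout: IV || ciphertext
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    // Replay side: split off the 16-byte IV and decrypt the rest of the segment.
    static byte[] openSegment(SecretKey key, byte[] segment) throws Exception {
        Cipher c = Cipher.getInstance(SCHEME);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(segment, 0, 16));
        return c.doFinal(segment, 16, segment.length - 16);
    }
    public static void main(String[] args) throws Exception {
        // Constructed demo keystore and password file in a temp directory.
        Path dir = Files.createTempDirectory("fc-demo");
        Path ksFile = dir.resolve("demo.jceks"), pwFile = dir.resolve("keystore.password");
        char[] pw = "constructed-demo-password".toCharArray();
        Files.write(pwFile, (new String(pw) + "\n").getBytes(StandardCharsets.UTF_8));
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(128);
        KeyStore ks = KeyStore.getInstance("JCEKS"); ks.load(null, null);
        ks.setKeyEntry("key-0", kg.generateKey(), pw, null);
        try (OutputStream o = Files.newOutputStream(ksFile)) { ks.store(o, pw); }
        SecretKey key = loadKey(ksFile, pwFile, "key-0");
        byte[] seg = sealSegment(key, "event-1|event-2".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(openSegment(key, seg), StandardCharsets.UTF_8));
    }
}
```

CBC with PKCS5 padding gives confidentiality only: a modified segment is not reliably detected on decryption unless a separate integrity check is stored alongside it.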