[jira] [Commented] (HIVE-6329) Support column level encryption/decryption

Wed, 27 Aug 2014 00:55:16 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-6329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14111999#comment-14111999
 ] 

Xiaomeng Huang commented on HIVE-6329:
--------------------------------------

Hi, Navis
I agree with your patch is a framework of column level encryption/decryption. I 
am curious if you use Base64WriteOnly to encode your values, then how to get 
the plaintext? And now Base64Rewriter just get the plaintext instread of 
ciphertext from client, right?
 I have an idea to improve it: we use keymanagement to do encode/decode in 
Rewriter. And the path of key in local will set to configuration instead of 
SERDEPROPERTIES. User1 use the key1 to encode values when instert data and the 
values of these colums will be encoded in HDFS. User2 want to scan the tables, 
if he has key1, he can decode the value successfully and get the plaintext. 
Otherwise, if he has no key or a wrong key, he will decode failed and just get 
the ciphertext.
If this approach make sense to you. I want to create a jira to improve it via 
keymanagement based on this jira.


> Support column level encryption/decryption
> ------------------------------------------
>
>                 Key: HIVE-6329
>                 URL: https://issues.apache.org/jira/browse/HIVE-6329
>             Project: Hive
>          Issue Type: New Feature
>          Components: Security, Serializers/Deserializers
>            Reporter: Navis
>            Assignee: Navis
>            Priority: Minor
>         Attachments: HIVE-6329.1.patch.txt, HIVE-6329.10.patch.txt, 
> HIVE-6329.11.patch.txt, HIVE-6329.2.patch.txt, HIVE-6329.3.patch.txt, 
> HIVE-6329.4.patch.txt, HIVE-6329.5.patch.txt, HIVE-6329.6.patch.txt, 
> HIVE-6329.7.patch.txt, HIVE-6329.8.patch.txt, HIVE-6329.9.patch.txt
>
>
> Receiving some requirements on encryption recently but hive is not supporting 
> it. Before the full implementation via HIVE-5207, this might be useful for 
> some cases.
> {noformat}
> hive> create table encode_test(id int, name STRING, phone STRING, address 
> STRING) 
>     > ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe' 
>     > WITH SERDEPROPERTIES ('column.encode.columns'='phone,address', 
> 'column.encode.classname'='org.apache.hadoop.hive.serde2.Base64WriteOnly') 
> STORED AS TEXTFILE;
> OK
> Time taken: 0.584 seconds
> hive> insert into table encode_test select 
> 100,'navis','010-0000-0000','Seoul, Seocho' from src tablesample (1 rows);
> ......
> OK
> Time taken: 5.121 seconds
> hive> select * from encode_test;
> OK
> 100   navis     MDEwLTAwMDAtMDAwMA==  U2VvdWwsIFNlb2Nobw==
> Time taken: 0.078 seconds, Fetched: 1 row(s)
> hive> 
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to