rok opened a new pull request, #7459: URL: https://github.com/apache/arrow-rs/pull/7459
# Which issue does this PR close? From #7255 > Follow up task to #6637, which adds initial support for reading files that use [Parquet modular encryption](https://github.com/apache/parquet-format/blob/master/Encryption.md). > > The Parquet format allows encrypting some or all column data while keeping footers in plaintext for compatibility with readers that don't support encryption. Readers that support encryption can still verify the integrity of the footer though, as a 28 byte nonce and GCM tag are written after the plaintext footer metadata (see https://github.com/apache/parquet-format/blob/master/Encryption.md#55-plaintext-footer-mode). > >This should be supported in arrow-rs to allow readers to verify the integrity of plaintext footers. > >This should probably be optional, eg. in C++ Parquet there's a `FileDecryptionProperties::Builder::disable_footer_signature_verification` method to allow disabling this. Closes #7255. # Rationale for this change This adds a mechanism that willl prevent tampering with metadata. # What changes are included in this PR? This adds a read-time integrity verification of footer metadata of read file. # Are there any user-facing changes? Users get an opaque integrity verification check by default (will throw if failed) and can choose to opt out by calling `FileDecryptionProperties::Builder::disable_footer_signature_verification` method. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
