[jira] [Updated] (HDFS-15098) Add SM4 encryption method for HDFS

Wed, 03 Jun 2020 02:45:47 -0700 


     [ 
https://issues.apache.org/jira/browse/HDFS-15098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

zZtai updated HDFS-15098:
-------------------------
      Attachment: HDFS-15098.005.patch
    Release Note: When Openssl exists in the environment,the system will use 
SM4 algorithm to encrypt and decrypt through Openssl.When Openssl is not 
available,he system will use SM4 algorithm to encrypt and decrypt through Jce.  
(was: 1.Modified the cc, checkstyle and whitespace that occurred in the 
previous patch.
2.Modified the test case about SM4 which can run successfully.)
          Status: Patch Available  (was: Open)

When Openssl exists in the environment,the system will use SM4 algorithm to 
encrypt and decrypt through Openssl.When Openssl is not available,he system 
will use SM4 algorithm to encrypt and decrypt through Jce.

> Add SM4 encryption method for HDFS
> ----------------------------------
>
>                 Key: HDFS-15098
>                 URL: https://issues.apache.org/jira/browse/HDFS-15098
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>    Affects Versions: 3.4.0
>            Reporter: liusheng
>            Assignee: zZtai
>            Priority: Major
>              Labels: sm4
>         Attachments: HDFS-15098.001.patch, HDFS-15098.002.patch, 
> HDFS-15098.003.patch, HDFS-15098.004.patch, HDFS-15098.005.patch
>
>
> SM4 (formerly SMS4)is a block cipher used in the Chinese National Standard 
> for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure).
>  SM4 was a cipher proposed to for the IEEE 802.11i standard, but has so far 
> been rejected by ISO. One of the reasons for the rejection has been 
> opposition to the WAPI fast-track proposal by the IEEE. please see:
> [https://en.wikipedia.org/wiki/SM4_(cipher)]
>  
> *Use sm4 on hdfs as follows:*
> 1.download Bouncy Castle Crypto APIs from bouncycastle.org
> [https://bouncycastle.org/download/bcprov-ext-jdk15on-165.jar]
> 2.Configure JDK
> Place bcprov-ext-jdk15on-165.jar in $JAVA_HOME/jre/lib/ext directory,
> add "security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider" 
> to $JAVA_HOME/jre/lib/security/java.security file
> 3.Configure Hadoop KMS
> 4.test HDFS sm4
> hadoop key create key1 -cipher 'SM4/CTR/NoPadding'
> hdfs dfs -mkdir /benchmarks
> hdfs crypto -createZone -keyName key1 -path /benchmarks
> *requires:*
> 1.openssl version >=1.1.1
> 2.configure Bouncy Castle Crypto on JDK



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to