[jira] [Commented] (HDFS-15098) Add SM4 encryption method for HDFS

Tue, 23 Jun 2020 18:30:32 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-15098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17143435#comment-17143435
 ] 

liusheng commented on HDFS-15098:
---------------------------------

Hi [~weichiu],

I am so sorry that we have a delay for this feature, now we have updated the 
patches and tested OK locally, we have added test cases, config options, docs 
in the patch. currently, the SM4 is supported in openssl>=1.1.1, if this 
requirement is unstatisfied, it will fall back to use the SM4 implementation 
BouncyCastleProvider which is already a dependency of Hadoop. So, now we only 
need to cofigure KMS services to enable SM4 support.

Could you please help to review again ?

> Add SM4 encryption method for HDFS
> ----------------------------------
>
>                 Key: HDFS-15098
>                 URL: https://issues.apache.org/jira/browse/HDFS-15098
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>    Affects Versions: 3.4.0
>            Reporter: liusheng
>            Assignee: zZtai
>            Priority: Major
>              Labels: sm4
>         Attachments: HDFS-15098.001.patch, HDFS-15098.002.patch, 
> HDFS-15098.003.patch, HDFS-15098.004.patch, HDFS-15098.005.patch, 
> HDFS-15098.006.patch, HDFS-15098.007.patch
>
>
> SM4 (formerly SMS4)is a block cipher used in the Chinese National Standard 
> for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure).
>  SM4 was a cipher proposed to for the IEEE 802.11i standard, but has so far 
> been rejected by ISO. One of the reasons for the rejection has been 
> opposition to the WAPI fast-track proposal by the IEEE. please see:
> [https://en.wikipedia.org/wiki/SM4_(cipher)]
>  
> *Use sm4 on hdfs as follows:*
> 1.download Bouncy Castle Crypto APIs from bouncycastle.org
> [https://bouncycastle.org/download/bcprov-ext-jdk15on-165.jar]
> 2.Configure JDK
> Place bcprov-ext-jdk15on-165.jar in $JAVA_HOME/jre/lib/ext directory,
> add "security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider" 
> to $JAVA_HOME/jre/lib/security/java.security file
> 3.Configure Hadoop KMS
> 4.test HDFS sm4
> hadoop key create key1 -cipher 'SM4/CTR/NoPadding'
> hdfs dfs -mkdir /benchmarks
> hdfs crypto -createZone -keyName key1 -path /benchmarks
> *requires:*
> 1.openssl version >=1.1.1
> 2.configure Bouncy Castle Crypto on JDK



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to