[ https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14097610#comment-14097610 ]
Sanjay Radia commented on HDFS-6134: ------------------------------------ Context: making things work for cp, distcp, har, etc. Is the following true: the EZ master key (EZKey) is only needed for file creation in EZ subtree. After that for reading or appending to a file, one simple needs the file's individual key. If that is true then one can copy raw encrypted files and their keys from an EZ to tape, har, tar, etc and then restore them later and things would just work. Also can one copy raw encrypted files and their keys from an EZ to another EZ which has a different EZKey and again things would work? > Transparent data at rest encryption > ----------------------------------- > > Key: HDFS-6134 > URL: https://issues.apache.org/jira/browse/HDFS-6134 > Project: Hadoop HDFS > Issue Type: New Feature > Components: security > Affects Versions: 3.0.0, 2.3.0 > Reporter: Alejandro Abdelnur > Assignee: Charles Lamb > Attachments: HDFS-6134.001.patch, HDFS-6134.002.patch, > HDFS-6134_test_plan.pdf, HDFSDataatRestEncryption.pdf, > HDFSDataatRestEncryptionProposal_obsolete.pdf, > HDFSEncryptionConceptualDesignProposal-2014-06-20.pdf > > > Because of privacy and security regulations, for many industries, sensitive > data at rest must be in encrypted form. For example: the healthÂcare industry > (HIPAA regulations), the card payment industry (PCI DSS regulations) or the > US government (FISMA regulations). > This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can > be used transparently by any application accessing HDFS via Hadoop Filesystem > Java API, Hadoop libhdfs C library, or WebHDFS REST API. > The resulting implementation should be able to be used in compliance with > different regulation requirements. -- This message was sent by Atlassian JIRA (v6.2#6252)