[
https://issues.apache.org/jira/browse/HBASE-10062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837204#comment-13837204
]
Andrew Purtell commented on HBASE-10062:
----------------------------------------
There is no migration step because this feature is not in a release yet. I
filed this and a couple other minor JIRAs to capture possible last minute
tweaks before it goes out and is set in stone.
> Store the encrypted data length in the block encryption header instead of
> plaintext length
> ------------------------------------------------------------------------------------------
>
> Key: HBASE-10062
> URL: https://issues.apache.org/jira/browse/HBASE-10062
> Project: HBase
> Issue Type: Improvement
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Priority: Minor
> Fix For: 0.98.0
>
>
> After HBASE-7544, if an HFile belongs to an encrypted family, it is encrypted
> on a per block basis. The encrypted blocks include the following header:
> {noformat}
> // +--------------------------+
> // | vint plaintext length |
> // +--------------------------+
> // | vint iv length |
> // +--------------------------+
> // | iv data ... |
> // +--------------------------+
> // | encrypted block data ... |
> // +--------------------------+
> {noformat}
> The reason for storing the plaintext length is so we can create an decryption
> stream over the encrypted block data and, no matter the internal details of
> the crypto algorithm (whether it adds padding, etc.) after reading the
> expected plaintext bytes we know the reader is finished. However my colleague
> Jerry Chen pointed out today this construction mandates the block be
> processed exactly that way. Storing and using the encrypted data length
> instead could provide more implementation flexibility down the road.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
