[jira] [Commented] (HBASE-16463) Improve transparent table/CF encryption with Commons Crypto

Fri, 23 Sep 2016 01:40:56 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-16463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15515808#comment-15515808
 ] 

Dapeng Sun commented on HBASE-16463:
------------------------------------

Thank [~ram_krish] for your comments.
{quote} I think this change looks harmless in terms of impl as it is 
implementing existing interfaces.  {quote}
Yes, the impl would be harmless.
{quote}
<commons-crypto.version>1.0.0</commons-crypto.version>
This version is the updated stable release version available? 
{quote}
Yes, this is a stable release, Spark shuffle encryption is using it.
{quote}
What is the procedure if the cluster has to be upgraded from AES to the new 
commons cryto? Major compaction should be run before using the new algo?
{quote}
The encrypted result would be same when AES and CRYPTO are using same mode (eg. 
AES/CTR/NoPadding), there wouldn't have issue of data compatibility. I think 
the procedure would be updating the configuration, and restarting service or 
reloading configuration.
{quote}
 public static final String RNG_ALGORITHM_KEY = "hbase.crypto.algorithm.rng";
60        public static final String RNG_PROVIDER_KEY = 
"hbase.crypto.algorithm.rng.provider";
these config keys can be moved to the Cipher abstract class if the existing AES 
cipher also uses the same key. Same with IV_LENGTH, BLOCK_SIZE etc.
{quote}
Good suggestion, I will update it on next patch.

> Improve transparent table/CF encryption with Commons Crypto
> -----------------------------------------------------------
>
>                 Key: HBASE-16463
>                 URL: https://issues.apache.org/jira/browse/HBASE-16463
>             Project: HBase
>          Issue Type: New Feature
>          Components: encryption
>    Affects Versions: 2.0.0
>            Reporter: Dapeng Sun
>         Attachments: HBASE-16463.001.patch, HBASE-16463.002.patch, 
> HBASE-16463.003.patch
>
>
> Apache Commons Crypto 
> (https://commons.apache.org/proper/commons-crypto/index.html) is a 
> cryptographic library optimized with AES-NI.
> HBASE-7544 introduces a framework for transparent encryption feature for 
> protecting HFile and WAL data at rest. Currently JCE cipher is used bu 
> default, the improvement will use Commons Crypto to accelerate the 
> transparent encryption of HBase. new crypto provider with Commons CRYPTO will 
> be provided for Transparent encryption.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to