[
https://issues.apache.org/jira/browse/HIVE-21848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867960#comment-16867960
]
Xinli Shang commented on HIVE-21848:
------------------------------------
[~gershinsky], thanks for sharing out the timing concern. How about we continue
the discussion of this topic(unifying ORC and Parquet encryption properties)
with smaller scope as "the minimum common set of both encryption properties".
For Parquet or ORC specific settings, they can be defined in their own domain
and be excluded for this topic. The motivation for starting the discussion now
is that some companies might already start deploying. They will run into a bad
situation if they have to revert their design later in production when they
sync with upstream, and it could be even worse if they have to translate the
encrypted data due to the later change. The discussion here may run for some
time. While we discuss in Parquet community in parallel, we can keep mind the
unifying discussion.
The minimum common set should answer the questions of "*which* column to be
encrypted with *which* key". Anything else?
So far we have several proposals below according to the above discussion.
| |Format Example
<In the example, column 'col1' is encrypted with the key ‘pii’;
column 'col2' is encrypted with the key ‘pii’;
column 'col3' is encrypted with the key ‘credit’>|Pros|Cons|
|1| "encrypt.with.pii" = "col1,col2"
"encrypt.with.credit" = "col3"| | |
|2|“encryption.column.keys" = "col1:pii,col2:pii,col3:credit” | | |
|3|"encrypt_col_col1" = "pii"
"encrypt_col_col2" = "pii"
"encrypt_col_col3" = "credit"| |Comparing with #2, this is not that compact as
it needs multiple entries. |
> Table property name definition between ORC and Parquet encrytion
> ----------------------------------------------------------------
>
> Key: HIVE-21848
> URL: https://issues.apache.org/jira/browse/HIVE-21848
> Project: Hive
> Issue Type: Task
> Components: Metastore
> Affects Versions: 3.0.0
> Reporter: Xinli Shang
> Assignee: Xinli Shang
> Priority: Major
> Fix For: 3.0.0
>
>
> The goal of this Jira is to define a superset of unified table property names
> that can be used for both Parquet and ORC column encryption. There is no code
> change needed for this Jira.
> *Background:*
> ORC-14 and Parquet-1178 introduced column encryption to ORC and Parquet. To
> configure the encryption, e.g. which column is sensitive, what master key to
> be used, algorithm, etc, table properties can be used. It is important that
> both Parquet and ORC can use unified names.
> According to the slide
> [https://www.slideshare.net/oom65/fine-grain-access-control-for-big-data-orc-column-encryption-137308692],
> ORC use table properties like orc.encrypt.pii, orc.encrypt.credit. While in
> the Parquet community, it is still discussing to provide several ways and
> using table properties is one of the options, while there is no detailed
> design of the table property names yet.
> So it is a good time to discuss within two communities to have unified table
> names as a superset.
> *Proposal:*
> There are several encryption properties that need to be specified for a
> table. Here is the list. This is the superset of Parquet and ORC. Some of
> them might not apply to both.
> # PII columns including nest columns
> # Column key metadata, master key metadata
> # Encryption algorithm, for example, Parquet support AES_GCM and AES_CTR.
> ORC might support AES_CTR.
> # Encryption footer - Parquet allow footer to be encrypted or plaintext
> # Footer key metadata
> Here is the table properties proposal.
> |*Table Property Name*|*Value*|*Notes*|
> |encrypt_algorithm|aes_ctr, aes_gcm|The algorithm to be used for encryption.|
> |encrypt_footer_plaintext|true, false|Parquet support plaintext and encrypted
> footer. By default, it is encrypted.|
> |encrypt_footer_key_metadata|base64 string of footer key metadata|It is up to
> the KMS to define what key metadata is. The metadata should have enough
> information to figure out the corresponding key by the KMS. |
> |encrypt_col_xxx|base64 string of column key metadata|‘xxx’ is the column
> name for example, ‘address.zipcode’.
>
> It is up to the KMS to define what key metadata is. The metadata should have
> enough information to figure out the corresponding key by the KMS.|
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
