rdblue commented on a change in pull request #80: Introduce metadata for encrypting table data files URL: https://github.com/apache/incubator-iceberg/pull/80#discussion_r249963408
########## File path: api/src/main/java/com/netflix/iceberg/encryption/EncryptionKeyMetadata.java ########## @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package com.netflix.iceberg.encryption; + +import com.netflix.iceberg.Schema; +import com.netflix.iceberg.types.Types; + +import java.nio.ByteBuffer; + +/** + * Metadata stored in Iceberg that points to an encryption key in some key store implementation. + * <p> + * Note that under any circumstances, the encryption key used to decrypt the file itself + * should NEVER be stored in this blob. + */ +public interface EncryptionKeyMetadata { + + Schema SCHEMA = new Schema( + Types.NestedField.required(10000, "key_metadata", Types.BinaryType.get()), + Types.NestedField.required(10001, "cipher_algorithm", Types.StringType.get()), + Types.NestedField.required(10002, "key_algorithm", Types.StringType.get())); + + static Schema schema() { + return SCHEMA; + } + + /** + * Header description of the key. + */ + ByteBuffer keyMetadata(); + + /** + * Cipher algorithm used to decrypt the file with this file's encryption key. + */ + String cipherAlgorithm(); + + /** + * Algorithm to use when converting the key bytes into key material that can be used for + * creating cryptographic ciphers. + */ + String keyAlgorithm(); Review comment: I agree with your description of the choice, but I don't think I agree with the conclusion. While key and cipher algorithms are universal, how an encryption scheme chooses to manage them is not. A great example that demonstrates what I'm talking about is the PR you linked to. The cipher algorithm is [configured by a table property](https://github.com/mccheah/incubator-iceberg/pull/1/files#diff-d2da4db4af7249e243edbc9034f0cb68R75), and the key algorithm is [determined by the cipher algorithm](https://github.com/mccheah/incubator-iceberg/pull/1/files#diff-d2da4db4af7249e243edbc9034f0cb68R99). So I can easily imagine a scheme where we don't store a string for each data file with its cipher and key algorithm, but instead initialize the key manager from table properties. Another reasonable scheme is to use an algorithm based on the encryption classes that are loaded. Given that there are reasonable options that don't require adding 2 strings per file and that those strings add overhead, I'd prefer to go with option 1. That really simplifies the metadata that Iceberg has to store and adds little overhead. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
