[
https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13551298#comment-13551298
]
John Vines commented on ACCUMULO-958:
-------------------------------------
The cipherstreams simply add a layer between the write and the write to DFS, so
it's all server side. It should have no impact on dfs' append functionality.
The reason this is solely for walogs, is that doing encoding in the middle of
an RFile write is it could throw off the sortedness of the RFile, kill relative
key encoding, and doing individual key encryption just isn't performant. For
the RFiles, we're better off looking at the codec used for the block level
compression of RFiles.
> Support pluggable encryption in walogs
> --------------------------------------
>
> Key: ACCUMULO-958
> URL: https://issues.apache.org/jira/browse/ACCUMULO-958
> Project: Accumulo
> Issue Type: Improvement
> Components: logger
> Reporter: John Vines
> Assignee: John Vines
> Fix For: 1.5.0
>
>
> There are some cases where users want encryption at rest for the walogs. It
> should be fairly trivial to implement it in such a way to insert a
> CipherOutputStream into the data path (defaulting to using a NullCipher) and
> then making the Cipher pluggable to users can insert the appropriate
> mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make
> sure the Cipher type's match at read and write time. Possibly a versioning
> mechanism so people can migrate Ciphers.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
