Nick Felts created ACCUMULO-4737:
------------------------------------
Summary: Clean up cipher algorithm configuration
Key: ACCUMULO-4737
URL: https://issues.apache.org/jira/browse/ACCUMULO-4737
Project: Accumulo
Issue Type: Improvement
Reporter: Nick Felts
Assignee: Nick Felts
Priority: Minor
The two property options:
crypto.cipher.algorithm.name
crypto.cipher.suite
are not used intuitively. For example, as far as I can tell, the only place the
cipher suite's algorithm name is used is to check for NullCipher. I even tested
this using bogus strings to confirm. Instead, once the suite is found to not
indicate NullCipher, the cipher.algorithm.name replaces the algorithm found in
the cipher suite for all further uses.
Further, the suite is parsed out into padding and mode options, which only
exist to pass a few unit tests and reconstruct the cipher suite using the other
specified algorithm.
This leads to some unintuitive behavior, where someone specifying an algorithm
in the cipher suite is not necessarily using their intended algorithm, unless
both options specified the the same algorithm.
To clean this up, the algorithm specified should be renamed and used for key
generation, since some keys can be used across different algorithms
(https://docs.oracle.com/javase/8/docs/api/java/security/Key.html), and the
cipher suite can be used as stated, instead of deconstructing it to then
reconstruct it.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)