Nick Felts created ACCUMULO-4737:
------------------------------------

             Summary: Clean up cipher algorithm configuration
                 Key: ACCUMULO-4737
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4737
             Project: Accumulo
          Issue Type: Improvement
            Reporter: Nick Felts
            Assignee: Nick Felts
            Priority: Minor


The two property options:

  crypto.cipher.algorithm.name
  crypto.cipher.suite

are not used intuitively. For example, as far as I can tell, the only place the 
cipher suite's algorithm name is used is to check for NullCipher. I even tested 
this using bogus strings to confirm. Instead, once the suite is found to not 
indicate NullCipher, the cipher.algorithm.name replaces the algorithm found in 
the cipher suite for all further uses.

Further, the suite is parsed out into padding and mode options, which only 
exist to pass a few unit tests and reconstruct the cipher suite using the other 
specified algorithm.

This leads to some unintuitive behavior, where someone specifying an algorithm 
in the cipher suite is not necessarily using their intended algorithm, unless 
both options specified the same algorithm.

To clean this up, the algorithm specified should be renamed and used for key 
generation, since some keys can be used across different algorithms 
(https://docs.oracle.com/javase/8/docs/api/java/security/Key.html), and the 
cipher suite can be used as stated, instead of deconstructing it to then 
reconstruct it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
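
The resolution described in this report, modelled as an added example (not code from the issue or from Accumulo). The logic follows the reporter's description only; the class name, method names and sample property values are assumptions constructed here. It flags configurations where the cipher written in the suite is not the one that ends up in use.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;

public class CipherConfigCheck {
    // Model of the resolution described in the report (an assumption, not
    // Accumulo's code): the suite's algorithm is consulted only for the
    // NullCipher test, then crypto.cipher.algorithm.name replaces it.
    static String effectiveTransformation(String suite, String algorithmName) {
        String[] parts = suite.trim().split("/");
        if (parts[0].equals("NullCipher")) {
            return "NullCipher";
        }
        StringBuilder rebuilt = new StringBuilder(algorithmName.trim());
        for (int i = 1; i < parts.length; i++) {
            rebuilt.append('/').append(parts[i]); // mode, then padding
        }
        return rebuilt.toString();
    }

    // One audit line per configuration: what was declared, what is really used.
    static String audit(String suite, String algorithmName) {
        String declared = suite.trim().split("/")[0];
        String effective = effectiveTransformation(suite, algorithmName);
        if (effective.equals("NullCipher")) {
            return "NONE      suite=" + suite + " -> no encryption";
        }
        String jce = "accepted by this JVM";
        try {
            Cipher.getInstance(effective); // does this JVM accept the rebuilt string?
        } catch (GeneralSecurityException e) {
            jce = "rejected by this JVM";
        }
        String verdict = declared.equalsIgnoreCase(algorithmName.trim()) ? "OK       " : "MISMATCH ";
        return verdict + " suite=" + suite + " name=" + algorithmName
            + " -> effective " + effective + " (" + jce + ")";
    }
    public static void main(String[] args) {
        // Constructed sample values: {crypto.cipher.suite, crypto.cipher.algorithm.name}
        String[][] samples = {
            {"AES/CBC/NoPadding", "AES"},
            {"AES/CBC/PKCS5Padding", "DESede"},
            {"Bogus/CBC/NoPadding", "AES"},
            {"NullCipher", "AES"},
        };
        for (String[] s : samples) {
            System.out.println(audit(s[0], s[1]));
        }
    }
}
```

The second and third samples are the cases the report warns about: under this model the suite names one algorithm (or a bogus one) while the effective transformation is built from crypto.cipher.algorithm.name.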
