ctubbsii commented on pull request #1968:
URL: https://github.com/apache/accumulo/pull/1968#issuecomment-810560743


   > @ctubbsii did you have any ideas how to configure the decrypters? @PircDef and I both think we should avoid directly loading a class from bytes in a file for security reasons.
   
   I agree.
   
   > We thought it would be better to only load classes configured and then compare the bytes read from the file against the classes loaded for decryption.
   
   I think you lost me a bit here. I don't see any reason we should serialize 
any classes to the files at all... only parameters.
   
   For example (pseudo-code):
   
   ```java
   var cryptoService = serverContext.getCryptoService();
   
   // encrypt file
   var encryptionContext = createRFileEncryptionContextForTableFromConfig({tableName, tableConfig});
   var encrypter = cryptoService.getEncrypter(encryptionContext);
   var encryptedOutputStream = newEncryptedOutputStream();
   while (plaintext.hasMoreBytes()) {
     encryptedOutputStream.append(encrypter.encrypt(plaintext.moreBytes()));
   }
   var encryptedRFile = encryptedOutputStream.finish(encrypter.params());
   
   // decrypt file
   var decryptParams = encryptedRFile.readCryptoHeader(file);
   var decryptionContext = createRFileDecryptionContextForTableFromFileAndConfig({tableName, tableConfig, decryptParams});
   var decrypter = cryptoService.getDecrypter(decryptionContext);
   var plaintextOutputStream = newPlaintextOutputStream();
   while (encryptedRFile.hasMoreBytes()) {
     plaintextOutputStream.append(decrypter.decrypt(encryptedRFile.moreBytes()));
   }
   var plaintextRFile = plaintextOutputStream.toFile();
   ```
   
   This is the basic outline, but the specific API could vary depending on 
where exactly the file header is read (whether it's in the decrypter itself, or 
inside Accumulo and merely passed to the decrypter).
   
   Also, I believe what I just wrote out is essentially how it works today, except for the lack of having the table name and table config as part of the encrypt/decrypt contexts. I believe that currently, the only encryption context is the opts in the system config, but the decrypt context does use the params serialized in the RFile.
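Added illustration of the design argued for in the comment above (parameters in the file header, decrypter chosen from table config); it is not code from the comment or from Accumulo. The header layout, the `toy_xor` stand-in cipher and the `CONFIGURED`/`KEYSTORE`/`TABLE_CONFIG` names are constructed for the example.

```python
import hashlib
import json
import struct
from typing import Callable, Dict, Tuple

# Constructed header format: carries only parameters (service name, key id, nonce).
# No class name or bytecode is ever read from the file, so nothing in the file can
# choose which code runs; the table configuration does that.
MAGIC = b"RFCRYPT1"

def write_header(service: str, key_id: str, nonce: bytes) -> bytes:
    body = json.dumps({"service": service, "key_id": key_id, "nonce": nonce.hex()}).encode()
    return MAGIC + struct.pack(">I", len(body)) + body

def read_header(blob: bytes) -> Tuple[dict, bytes]:
    """Parse the parameter header; return (params, remaining ciphertext)."""
    if blob[:8] != MAGIC:
        raise ValueError("not an encrypted RFile")
    (n,) = struct.unpack(">I", blob[8:12])
    return json.loads(blob[12:12 + n]), blob[12 + n:]

def toy_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in keystream cipher for the demo only (not a real cipher): same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack(">Q", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

# Operator-configured services and keys (hypothetical); only these are ever instantiated.
CONFIGURED: Dict[str, Callable[[bytes, bytes, bytes], bytes]] = {"toy-xor": toy_xor}
KEYSTORE = {"k1": b"constructed-demo-key"}
TABLE_CONFIG = {"tab1": {"crypto.service": "toy-xor", "crypto.key_id": "k1"}}

def encrypt_rfile(table: str, plaintext: bytes, nonce: bytes) -> bytes:
    cfg = TABLE_CONFIG[table]
    ct = CONFIGURED[cfg["crypto.service"]](KEYSTORE[cfg["crypto.key_id"]], nonce, plaintext)
    return write_header(cfg["crypto.service"], cfg["crypto.key_id"], nonce) + ct

def decrypt_rfile(table: str, blob: bytes) -> bytes:
    params, ct = read_header(blob)
    cfg = TABLE_CONFIG[table]
    # Decrypt context = table config + file params: the file may only name the service
    # and key the table is configured for; anything else is rejected, never loaded.
    if params["service"] != cfg["crypto.service"] or params["key_id"] not in KEYSTORE:
        raise PermissionError(f"file requests unconfigured decrypter {params['service']!r}")
    return CONFIGURED[params["service"]](KEYSTORE[params["key_id"]], bytes.fromhex(params["nonce"]), ct)
```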

