ctubbsii commented on a change in pull request #2197:
URL: https://github.com/apache/accumulo/pull/2197#discussion_r680157387
##########
File path: core/src/main/java/org/apache/accumulo/core/conf/Property.java
##########
@@ -894,6 +893,21 @@
TABLE_COMPACTION_STRATEGY_PREFIX("table.majc.compaction.strategy.opts.",
null,
PropertyType.PREFIX,
"Properties in this category are used to configure the compaction
strategy.", "1.6.0"),
+ // Crypto-related properties
+ @Experimental
+ TABLE_CRYPTO_PREFIX("table.crypto.opts.", null, PropertyType.PREFIX,
+ "Properties related to on-disk file encryption.", "2.1.0"),
+ @Experimental
+ @Sensitive
+ TABLE_CRYPTO_SENSITIVE_PREFIX("table.crypto.opts.sensitive.", null,
PropertyType.PREFIX,
+ "Sensitive properties related to on-disk file encryption.", "2.1.0"),
+ @Experimental
+ TABLE_CRYPTO_SERVICE("table.crypto.service",
+ "org.apache.accumulo.core.spi.crypto.NoCryptoService",
PropertyType.CLASSNAME,
+ "The class which executes on-disk table encryption/decryption. The
default does "
+ + "nothing. This property must be a classname with an implementation
of the "
+ + "org.apache.accumulo.core.spi.crypto.CryptoService interface.",
+ "2.1.0"),
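Review bot: `TABLE_CRYPTO_SENSITIVE_PREFIX` (`table.crypto.opts.sensitive.`) is nested under the non-sensitive `TABLE_CRYPTO_PREFIX` (`table.crypto.opts.`), so any key under the sensitive prefix matches both entries. The sensitivity lookup has to resolve to the longest matching prefix, otherwise those values are treated as ordinary table properties and shown unmasked. Neither description tells an operator which prefix a key or key URI belongs under; consider saying in the `TABLE_CRYPTO_PREFIX` description that key material goes under `table.crypto.opts.sensitive.`.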
Review comment:
> If we are not specifying the crypto service in the table config, do we
> use the same crypto service for all tables? If not, what in the table config
> will determine which crypto service to use.
I think that would be implementation-dependent.
> Based on what you are saying, I am imagining a config like this:
>
> instance.crypto.factory=MyCryptoServiceFactoryThatSupportsPerTableConfig
> instance.wal.enabled=true
> instance.crypto.wal.opts.key.uri=/home/mike/workspace/uno/CryptoTest-testkeyfile
> secureTable:
> table.crypto.enabled=true
> table.crypto.type=strong
> table.crypto.opts.key=/something/more/secure/than/a/file
> lessSecureTable:
> table.crypto.enabled=true
> table.crypto.type=weak
> table.crypto.opts.key.uri=/home/mike/workspace/uno/CryptoTest-testkeyfile2
> With the impl of MyCryptoServiceFactoryThatSupportsPerTableConfig looking
> like this:
>
> if scope == wal && enabled, return AESCryptoService
> if scope == table && enabled && type=strong, return StrongerCryptoService
> if scope == table && enabled && type=weak, return WeakerCryptoService
Something like that. I would probably just put everything under
`table.crypto.opts.`, though. So, something closer to:
```ini
instance.crypto.service.factory=PerTableAESCryptoFactory
instance.crypto.wal.opts.algorithm=AES256+CBC
instance.crypto.wal.opts.key.uri=/path/to/keyfile
; no crypto table (still provide the key, in case it needs to read old data):
table.crypto.opts.algorithm=NONE
table.crypto.opts.key.uri=/path/to/keyfile
; table A:
table.crypto.opts.algorithm=AES128+ECB
table.crypto.opts.key.uri=/path/to/keyfile
; table B:
table.crypto.opts.algorithm=AES512+ECB
table.crypto.opts.key.uri=/path/to/keyfile
```
Inside `PerTableAESCryptoFactory`:
```java
if (algorithm == NONE)
  return new CryptoService(new NoEncrypter(), new AESDecrypter(key));
else
  return new CryptoService(new AESEncrypter(algorithm, key), new AESDecrypter(key));
```
However, exactly how/where the algorithm/key/other opts get passed depends
on what the interfaces look like exactly, and at what point they are called.
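The fallback sketched in the comment above (a table set to `NONE` still gets a decrypter holding the key, so it can read old data), as an added example that is not part of the review comment or of Accumulo's code. The `Service`, `Encrypter` and `Decrypter` types, the one-byte marker format and the `AES256+GCM` value are assumptions made for this illustration, with AES-GCM swapped in for the CBC/ECB modes named in the comment; the key is a constructed all-zero demo key.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: every type here is hypothetical, not Accumulo's CryptoService SPI.
public class PerTableCryptoDemo {
  interface Encrypter { byte[] encrypt(byte[] plain) throws Exception; }
  interface Decrypter { byte[] decrypt(byte[] stored) throws Exception; }
  record Service(Encrypter enc, Decrypter dec) {}
  // Assumed stored form: marker byte (0 = plaintext, 1 = AES-GCM), then 12-byte IV + ciphertext.
  static Service create(Map<String, String> tableProps, byte[] key) {
    SecretKeySpec k = new SecretKeySpec(key, "AES");
    Decrypter dec = stored -> { // built for every table, including algorithm=NONE
      byte[] body = Arrays.copyOfRange(stored, 1, stored.length);
      if (stored[0] == 0) return body; // file written while encryption was off
      Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
      c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, body, 0, 12));
      return c.doFinal(body, 12, body.length - 12); // throws if the tag does not verify
    };
    String alg = tableProps.getOrDefault("table.crypto.opts.algorithm", "NONE");
    if (alg.equals("NONE")) return new Service(p -> concat(new byte[] {0}, p), dec);
    if (!alg.equals("AES256+GCM")) throw new IllegalArgumentException("unsupported: " + alg);
    Encrypter enc = plain -> {
      byte[] iv = new byte[12];
      new SecureRandom().nextBytes(iv); // fresh IV for every write
      Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
      c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
      return concat(new byte[] {1}, concat(iv, c.doFinal(plain)));
    };
    return new Service(enc, dec);
  }
  static byte[] concat(byte[] a, byte[] b) {
    byte[] out = Arrays.copyOf(a, a.length + b.length);
    System.arraycopy(b, 0, out, a.length, b.length);
    return out;
  }
  public static void main(String[] args) throws Exception {
    byte[] key = new byte[32]; // constructed demo key; a real one would be loaded from key.uri
    Service aes = create(Map.of("table.crypto.opts.algorithm", "AES256+GCM"), key);
    Service none = create(Map.of("table.crypto.opts.algorithm", "NONE"), key);
    byte[] old = aes.enc().encrypt("row1".getBytes(StandardCharsets.UTF_8));
    // The NONE table writes plaintext, yet still reads the file written under AES.
    System.out.println(new String(none.dec().decrypt(old), StandardCharsets.UTF_8));
  }
}
```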