[jira] [Updated] (ACCUMULO-4737) Clean up cipher algorithm configuration
[ https://issues.apache.org/jira/browse/ACCUMULO-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Christopher Tubbs updated ACCUMULO-4737: Fix Version/s: 2.0.0 > Clean up cipher algorithm configuration > --- > > Key: ACCUMULO-4737 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4737 > Project: Accumulo > Issue Type: Improvement >Reporter: Nick Felts >Assignee: Nick Felts >Priority: Minor > Labels: pull-request-available > Fix For: 2.0.0 > > Time Spent: 2.5h > Remaining Estimate: 0h > > The two property options: > crypto.cipher.algorithm.name > crypto.cipher.suite > are not used intuitively. For example, as far as I can tell, the only place > the cipher suite's algorithm name is used is to check for NullCipher. I even > tested this using bogus strings to confirm. Instead, once the suite is found > to not indicate NullCipher, the cipher.algorithm.name replaces the algorithm > found in the cipher suite for all further uses. > Further, the suite is parsed out into padding and mode options, which only > exist to pass a few unit tests and reconstruct the cipher suite using the > other specified algorithm. > This leads to some unintuitive behavior, where someone specifying an > algorithm in the cipher suite is not necessarily using their intended > algorithm, unless both options specified the the same algorithm. > To clean this up, the algorithm specified should be renamed and used for key > generation, since some keys can be used across different algorithms > (https://docs.oracle.com/javase/8/docs/api/java/security/Key.html), and the > cipher suite can be used as stated, instead of deconstructing it to then > reconstruct it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ACCUMULO-4737) Clean up cipher algorithm configuration
[ https://issues.apache.org/jira/browse/ACCUMULO-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated ACCUMULO-4737: - Labels: pull-request-available (was: ) > Clean up cipher algorithm configuration > --- > > Key: ACCUMULO-4737 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4737 > Project: Accumulo > Issue Type: Improvement >Reporter: Nick Felts >Assignee: Nick Felts >Priority: Minor > Labels: pull-request-available > > The two property options: > crypto.cipher.algorithm.name > crypto.cipher.suite > are not used intuitively. For example, as far as I can tell, the only place > the cipher suite's algorithm name is used is to check for NullCipher. I even > tested this using bogus strings to confirm. Instead, once the suite is found > to not indicate NullCipher, the cipher.algorithm.name replaces the algorithm > found in the cipher suite for all further uses. > Further, the suite is parsed out into padding and mode options, which only > exist to pass a few unit tests and reconstruct the cipher suite using the > other specified algorithm. > This leads to some unintuitive behavior, where someone specifying an > algorithm in the cipher suite is not necessarily using their intended > algorithm, unless both options specified the the same algorithm. > To clean this up, the algorithm specified should be renamed and used for key > generation, since some keys can be used across different algorithms > (https://docs.oracle.com/javase/8/docs/api/java/security/Key.html), and the > cipher suite can be used as stated, instead of deconstructing it to then > reconstruct it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
