hadoop-common-issues mailing list archives

From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10719) Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
Date Tue, 01 Jul 2014 22:31:25 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arun Suresh updated HADOOP-10719:

    Attachment: HADOOP-10719.2.patch

Uploading updated patch.
I think I've addressed all your comments. Although:

bq. KeyProviderCryptoExtension.EncryptedKeyVersion constructor should be visible to enable
creation by extension implementations outside of the default one. Maybe protected and force
extension impls to have its own subclass? (we are doing that today with KeyVersion)

I've removed the private but I've decided against having impls having a subclass of EncryptedKeyVersion.
I feel it encapsulates everything required.

> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>                 Key: HADOOP-10719
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10719
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10719.1.patch, HADOOP-10719.2.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch
> This is a follow up on [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with 0xff the original IV).

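The two methods from the quoted issue description, as an added Java example that is not code from the HADOOP-10719 patch: it takes the key version's material directly instead of looking it up by name, and returns raw bytes instead of a KeyVersion. The cipher (AES/CTR/NoPadding), the class name and the helpers `transformIv` and `crypt` are assumptions; only the XOR-with-0xff step comes from the issue text.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class EncryptedKeyExample {
    // Assumption: AES in CTR mode; the issue text does not name a cipher.
    private static final String TRANSFORMATION = "AES/CTR/NoPadding";
    private static final SecureRandom RANDOM = new SecureRandom();

    // The "known transformation" from the issue text: XOR each IV byte with 0xff.
    static byte[] transformIv(byte[] iv) {
        byte[] out = new byte[iv.length];
        for (int i = 0; i < iv.length; i++) out[i] = (byte) (iv[i] ^ 0xff);
        return out;
    }

    // Runs the cipher with exactly the IV it is given; callers choose the IV.
    static byte[] crypt(int mode, byte[] key, byte[] cipherIv, byte[] in) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(cipherIv));
        return cipher.doFinal(in);
    }

    // Creates a fresh data key and returns only its encrypted form.
    static byte[] generateEncryptedKey(byte[] keyMaterial, byte[] iv) throws Exception {
        byte[] dataKey = new byte[keyMaterial.length];
        RANDOM.nextBytes(dataKey);
        byte[] encrypted = crypt(Cipher.ENCRYPT_MODE, keyMaterial, transformIv(iv), dataKey);
        Arrays.fill(dataKey, (byte) 0); // zero the local plaintext copy
        return encrypted;
    }

    static byte[] decryptEncryptedKey(byte[] keyMaterial, byte[] iv, byte[] encryptedKey) throws Exception {
        return crypt(Cipher.DECRYPT_MODE, keyMaterial, transformIv(iv), encryptedKey);
    }
    public static void main(String[] args) throws Exception {
        byte[] keyMaterial = new byte[16]; // constructed stand-in for the named key version
        byte[] iv = new byte[16];
        RANDOM.nextBytes(keyMaterial);
        RANDOM.nextBytes(iv);
        byte[] encrypted = generateEncryptedKey(keyMaterial, iv);
        byte[] dataKey = decryptEncryptedKey(keyMaterial, iv, encrypted);
        byte[] reEncrypted = crypt(Cipher.ENCRYPT_MODE, keyMaterial, transformIv(iv), dataKey);
        byte[] rawIv = crypt(Cipher.DECRYPT_MODE, keyMaterial, iv, encrypted);
        System.out.println("round trip ok: " + Arrays.equals(encrypted, reEncrypted));
        System.out.println("raw IV gives same key: " + Arrays.equals(dataKey, rawIv));
    }
}
```

The second line prints false: a decryptor that feeds the cipher the original IV instead of the transformed one recovers different bytes, so both methods must apply the same transformation.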