Posted to notifications@shardingsphere.apache.org by GitBox <gi...@apache.org> on 2020/08/14 03:52:09 UTC

[GitHub] [shardingsphere] WEIZIBIN opened a new issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

WEIZIBIN opened a new issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835


   ## Feature Request
   
   ### Is your feature request related to a problem?
   
   No.
   
   ### Describe the feature you would like.
   
   In many commercial scenarios, the encryption and decryption of sensitive data require different implementations for different fields in different tables, so the encryptor SPI should provide the context to the developer (for example, table name, field name).
   
   Maybe add an `EncryptContext` parameter to the `EncryptAlgorithm#encrypt` and `EncryptAlgorithm#decrypt` methods?
   
   https://github.com/apache/shardingsphere/blob/0cac7762f763ca1a2fb18ef9841ed4a246598b83/shardingsphere-features/shardingsphere-encrypt/shardingsphere-encrypt-api/src/main/java/org/apache/shardingsphere/encrypt/spi/EncryptAlgorithm.java#L34
   
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [shardingsphere] Lucas-307 commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
Lucas-307 commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674333641


   @WEIZIBIN show me your config.





[GitHub] [shardingsphere] WEIZIBIN edited a comment on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN edited a comment on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674119031


   > @WEIZIBIN Hi, you can get this info from your rule config, and you can create different SPI implementations for each field that you want to encrypt.
   
   I only found algorithms that can define a static class name for different fields.
   
   My actual scenario is like this. There is a remote service that stores different secrets for encrypting different fields.
   Before encrypting, I must get the secret according to the field name. So it is useful for me to be able to obtain the current field name at runtime.





[GitHub] [shardingsphere] WEIZIBIN commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674706230


   ```
       sharding:
         encrypt-rule:
           encryptors:
             t_sample_member_name_encryptor:
               type: Remote
               props:
                 table: t_sample_member
                 column: name_cipher
           tables:
             t_sample_member:
               columns:
                 name_cipher:
                   cipherColumn: name_cipher
                   encryptor: t_sample_member_name_encryptor
   ```
   My current config uses props to specify the table and name, and it is OK.



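The props-based workaround in the comment above (one encryptor entry per column, with `table` and `column` in its props), as an added Java sketch that is not part of the thread and is not ShardingSphere code. `RemoteKeyEncryptor`, the in-memory secret store and the demo secrets are assumptions; using AES-GCM with the table and column as associated data is a choice made here so that a ciphertext copied into another column fails to decrypt.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Properties;
import java.util.function.Function;

// Added example, not ShardingSphere code: RemoteKeyEncryptor is a hypothetical class.
public class RemoteKeyEncryptorDemo {
    static final class RemoteKeyEncryptor {
        private final SecretKeySpec key;
        private final byte[] context; // "table.column", authenticated with every value
        // One instance per configured encryptor; table and column come from its props.
        RemoteKeyEncryptor(Function<String, byte[]> secretStore, Properties props) {
            String table = props.getProperty("table"), column = props.getProperty("column");
            if (table == null || column == null)
                throw new IllegalArgumentException("props must set table and column");
            String id = table + "." + column;
            byte[] secret = secretStore.apply(id); // remote lookup, done once per encryptor
            if (secret == null) throw new IllegalStateException("no secret for " + id);
            key = new SecretKeySpec(secret, "AES");
            context = id.getBytes(StandardCharsets.UTF_8);
        }

        String encrypt(String plaintext) throws Exception {
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv); // fresh nonce for every value
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
            c.updateAAD(context); // binds the ciphertext to its table and column
            byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
            byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
            return Base64.getEncoder().encodeToString(out); // base64(iv || ciphertext || tag)
        }

        String decrypt(String stored) throws Exception {
            byte[] in = Base64.getDecoder().decode(stored);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
            c.updateAAD(context);
            return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
        }
    }

    static RemoteKeyEncryptor forColumn(Function<String, byte[]> store, String column) {
        Properties props = new Properties();
        props.putAll(Map.of("table", "upms_user_t", "column", column));
        return new RemoteKeyEncryptor(store, props);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 16-byte demo secrets keyed by "table.column"; not real key material.
        Map<String, byte[]> store = Map.of(
            "upms_user_t.mobile", "0123456789abcdef".getBytes(StandardCharsets.UTF_8),
            "upms_user_t.address", "fedcba9876543210".getBytes(StandardCharsets.UTF_8));
        String stored = forColumn(store::get, "mobile").encrypt("13800000000");
        System.out.println(forColumn(store::get, "mobile").decrypt(stored));
        try {
            forColumn(store::get, "address").decrypt(stored);
        } catch (AEADBadTagException e) {
            System.out.println("address encryptor rejects a mobile ciphertext");
        }
    }
}
```

The secret is fetched once when the encryptor is built from its props, so the remote service is not called for every row.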


[GitHub] [shardingsphere] Lucas-307 commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
Lucas-307 commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674009998


   @WEIZIBIN Hi, you can get this info from your rule config, and you can create different SPI implementations for each field that you want to encrypt.





[GitHub] [shardingsphere] Lucas-307 commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
Lucas-307 commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674635340


   @WEIZIBIN you can create different encryptors for each, like this:
   ```yml
       sharding:
         encrypt-rule:
           encryptors:
             mobile_encryptor:
               type: MobileAESEncryptor
             address_encryptor:
               type: AddressAESEncryptor
           tables:
             upms_user_t:
               columns:
                 mobile:
                   plainColumn: mobile
                   cipherColumn: mobile_cipher
                   encryptor: mobile_encryptor
                 address:
                   plainColumn: address
                   cipherColumn: address_cipher
                   encryptor: address_encryptor
   ```





[GitHub] [shardingsphere] WEIZIBIN edited a comment on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN edited a comment on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674345328


   > @WEIZIBIN show me your config.
   
   ```
   shardingsphere:
       datasource:
         names: master,slave0
         master:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url:
           username:
           password:
           maximumPoolSize: 10
           poolName: hikariPool-master
         slave0:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url: 
           username: 
           password: 
           maximumPoolSize: 10
           poolName: hikariPool-slave0
       sharding:
         encrypt-rule:
           encryptors:
             my_encryptor:
               type: RemoteSecretStoreAESEncryptor
           tables:
             upms_user_t:
               columns:
                 mobile:
                   plainColumn: mobile
                   cipherColumn: mobile_cipher
                   encryptor: my_encryptor
                 address:
                   plainColumn: address
                   cipherColumn: address_cipher
                   encryptor: my_encryptor
         master-slave-rules:
           ds0:
             master-data-source-name: master
             slave-data-source-names: slave0
       props:
         query.with.cipher.column: false
         sql.show: true
   ```
   
   like this. thx!





[GitHub] [shardingsphere] Lucas-307 commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
Lucas-307 commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-675203958


   > ```
   >     sharding:
   >       encrypt-rule:
   >         encryptors:
   >           t_sample_member_name_encryptor:
   >             type: Remote
   >             props:
   >               table: t_sample_member
   >               column: name_cipher
   >         tables:
   >           t_sample_member:
   >             columns:
   >               name_cipher:
   >                 cipherColumn: name_cipher
   >                 encryptor: t_sample_member_name_encryptor
   > ```
   > 
   > My current config uses props to specify the table and name, and it is OK.
   
   Good idea.





[GitHub] [shardingsphere] WEIZIBIN commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674704281


   > @WEIZIBIN you can create different encryptors for each, like this:
   > 
   > ```yaml
   >     sharding:
   >       encrypt-rule:
   >         encryptors:
   >           mobile_encryptor:
   >             type: MobileAESEncryptor
   >           address_encryptor:
   >             type: AddressAESEncryptor
   >         tables:
   >           upms_user_t:
   >             columns:
   >               mobile:
   >                 plainColumn: mobile
   >                 cipherColumn: mobile_cipher
   >                 encryptor: mobile_encryptor
   >               address:
   >                 plainColumn: address
   >                 cipherColumn: address_cipher
   >                 encryptor: address_encryptor
   > ```
   
   It works, but this means that an encrypted field requires a period of configuration, which is too much configuration for me.
   If the SPI method had a context, it would help me a lot.





[GitHub] [shardingsphere] WEIZIBIN commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674119031


   I only found algorithms that can define encryption and decryption on different fields. The actual scenario is like this. There is a key service that uses different keys to encrypt different fields in different tables. The current table name can be obtained in the encryption algorithm. The section name is useful.
   
   > @WEIZIBIN Hi, you can get this info from your rule config, and you can create different SPI implementations for each field that you want to encrypt.
   
   I only found algorithms that can define a static class name for different fields.
   
   My actual scenario is like this. There is a remote service that stores different secrets for encrypting different fields.
   Before encrypting, I must get the secret according to the field name. So it is useful for me to be able to obtain the current field name at runtime.





[GitHub] [shardingsphere] tristaZero commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
tristaZero commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674686193


   @WEIZIBIN Just a ping. What's your thought?
   I think the `encrypt Rule` configuration will help you set the encrypt algorithm for specific tables and columns.





[GitHub] [shardingsphere] WEIZIBIN edited a comment on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN edited a comment on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674345328


   > @WEIZIBIN show me your config.
   
   ```
   shardingsphere:
       datasource:
         names: master,slave0
         master:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url:
           username:
           password:
           maximumPoolSize: 10
           poolName: hikariPool-master
         slave0:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url: 
           username: 
           password: 
           maximumPoolSize: 10
           poolName: hikariPool-slave0
       sharding:
         encrypt-rule:
           encryptors:
             my_encryptor:
               type: RemoteSecretStoreAESEncryptor
           tables:
             upms_user_t:
               columns:
                 mobile:
                   plainColumn: mobile
                   cipherColumn: mobile_cipher
                   encryptor: my_encryptor
                 address:
                   plainColumn: address
                   cipherColumn: address_cipher
                   encryptor: my_encryptor
         master-slave-rules:
           ds0:
             master-data-source-name: master
             slave-data-source-names: slave0
       props:
         query.with.cipher.column: false
         sql.show: true
   ```
   
   like this. thx!





[GitHub] [shardingsphere] WEIZIBIN edited a comment on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN edited a comment on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674345328


   > @WEIZIBIN show me your config.
   
   ```
   shardingsphere:
       datasource:
         names: master,slave0
         master:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url:
           username:
           password:
           maximumPoolSize: 10
           poolName: hikariPool-master
         slave0:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url: 
           username: 
           password: 
           maximumPoolSize: 10
           poolName: hikariPool-slave0
       sharding:
         encrypt-rule:
           encryptors:
             my_encryptor:
               type: RemoteSecretStoreAESEncryptor
           tables:
             upms_user_t:
               columns:
                 mobile:
                   plainColumn: mobile
                   cipherColumn: mobile_cipher
                   encryptor: my_encryptor
                 address:
                   plainColumn: address
                   cipherColumn: address_cipher
                   encryptor: my_encryptor
         master-slave-rules:
           ds0:
             master-data-source-name: master
             slave-data-source-names: slave0
       props:
         query.with.cipher.column: false
         sql.show: true
   ```
   
   like this. thx!





[GitHub] [shardingsphere] WEIZIBIN edited a comment on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN edited a comment on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674345328


   > @WEIZIBIN show me your config.
   
   ```
   shardingsphere:
       datasource:
         names: master,slave0
         master:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url:
           username:
           password:
           maximumPoolSize: 10
           poolName: hikariPool-master
         slave0:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url: 
           username: 
           password: 
           maximumPoolSize: 10
           poolName: hikariPool-slave0
       sharding:
         encrypt-rule:
           encryptors:
             my_encryptor:
               type: RemoteSecretStoreAESEncryptor
           tables:
             upms_user_t:
               columns:
                 mobile:
                   plainColumn: mobile
                   cipherColumn: mobile_cipher
                   encryptor: my_encryptor
                 address:
                   plainColumn: address
                   cipherColumn: address_cipher
                   encryptor: my_encryptor
         master-slave-rules:
           ds0:
             master-data-source-name: master
             slave-data-source-names: slave0
       props:
         query.with.cipher.column: false
         sql.show: true
   ```
   
   like this. thx!
   
   mobile and address use AES to encrypt, but with different secrets





[GitHub] [shardingsphere] WEIZIBIN commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
WEIZIBIN commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-674345328


   > @WEIZIBIN show me your config.
   
   ```
   shardingsphere:
       datasource:
         names: master,slave0
         master:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url:
           username:
           password:
           maximumPoolSize: 10
           poolName: hikariPool-master
         slave0:
           driver-class-name: com.mysql.cj.jdbc.Driver
           type: com.zaxxer.hikari.HikariDataSource
           jdbc-url: 
           username: 
           password: 
           maximumPoolSize: 10
           poolName: hikariPool-slave0
       sharding:
         encrypt-rule:
           encryptors:
             my_encryptor:
               type: RemoteSecretStoreAESEncryptor
           tables:
             upms_user_t:
               columns:
                 mobile:
                   plainColumn: mobile
                   cipherColumn: mobile_cipher
                   encryptor: my_encryptor
                 address:
                   plainColumn: address
                   cipherColumn: address_cipher
                   encryptor: my_encryptor
         master-slave-rules:
           ds0:
             master-data-source-name: master
             slave-data-source-names: slave0
       props:
         query.with.cipher.column: false
         sql.show: true
   ```
   
   like this. thx!





[GitHub] [shardingsphere] tristaZero closed issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
tristaZero closed issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835


   





[GitHub] [shardingsphere] tristaZero commented on issue #6835: Add EncryptContext parameter to EncryptAlgorithm SPI method

Posted by GitBox <gi...@apache.org>.
tristaZero commented on issue #6835:
URL: https://github.com/apache/shardingsphere/issues/6835#issuecomment-675217311


   @WEIZIBIN Many users just want to give the configuration instead of the program. If there are many appropriate encryption algorithms for users, they could simply focus on their configuration for tables and columns.
   
   BTW, if you implement some powerful encryption algorithms, you are welcome to contribute to the community. :)

