Posted to commits@cassandra.apache.org by "Jason Brown (JIRA)" <ji...@apache.org> on 2015/07/30 23:31:06 UTC

[jira] [Commented] (CASSANDRA-9945) Add transparent data encryption core classes

    [ https://issues.apache.org/jira/browse/CASSANDRA-9945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14648342#comment-14648342 ] 

Jason Brown commented on CASSANDRA-9945:
----------------------------------------

Added link to the branch up on GitHub (see above).

NOTE: to test this code (there's only one test class for this submission), you need to have the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 installed. It's a jar that can be downloaded from Oracle (current link: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html).

Highlights of patch:
- created new yaml section called "transparent_data_encryption_options". The config allows users to set the name of the keystore as well as the key (alias) within the keystore to use. This allows multiple keys to be used from the same store, and further allows users to migrate keys (see later). 
- added CipherFactory as a proxy for loading and caching keys in memory, as well as getting instances of Ciphers (using the loaded keys).
- KeyProvider interface allows keys to either be loaded from a local keystore (via the default implementation, JKSKeyProvider), or to be loaded from a custom source. We need that functionality at $DAY_JOB, hence the reason for the pluggable implementation.



> Add transparent data encryption core classes
> --------------------------------------------
>
>                 Key: CASSANDRA-9945
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9945
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: encryption
>             Fix For: 3.0 beta 1
>
>
> This patch will add the core infrastructure classes necessary for transparent data encryption (file-level encryption), as required for CASSANDRA-6018 and CASSANDRA-9633. The phrase "transparent data encryption", while not the most aesthetically pleasing, seems to be used throughout the database industry (Oracle, SQL Server, DataStax Enterprise) to describe file-level encryption, so we'll go with that, as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
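
A sketch of the keystore-plus-alias design described in the comment above, added here as an illustration and not taken from the CASSANDRA-9945 patch. The `KeyProvider` shape, the `KeystoreProvider` class, the aliases, the in-memory JCEKS store and the AES-GCM blob layout are all assumptions; it shows why keeping an older alias in the store keeps data written under it readable after new writes move to another alias.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.security.*;
import java.util.concurrent.ConcurrentHashMap;
public class TdeKeySketch {
    // Hypothetical stand-in for the pluggable key source described in the comment.
    interface KeyProvider { Key getSecretKey(String alias) throws GeneralSecurityException; }
    static final class KeystoreProvider implements KeyProvider { // reads each alias once, then caches
        private final KeyStore store;
        private final char[] keyPassword;
        private final ConcurrentHashMap<String, Key> cache = new ConcurrentHashMap<>();
        KeystoreProvider(KeyStore store, char[] keyPassword) { this.store = store; this.keyPassword = keyPassword; }
        public Key getSecretKey(String alias) throws GeneralSecurityException {
            Key key = cache.get(alias);
            if (key == null) {
                key = store.getKey(alias, keyPassword);
                if (key == null) throw new KeyStoreException("no key under alias " + alias);
                cache.put(alias, key);
            }
            return key;
        }
    }
    // Blob layout (assumed): 12-byte random IV, then AES-GCM ciphertext with a 128-bit tag.
    static byte[] encrypt(Key key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] body = c.doFinal(plain);
        return ByteBuffer.allocate(iv.length + body.length).put(iv).put(body).array();
    }
    static byte[] decrypt(Key key, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray(); // constructed sample value
        KeyStore ks = KeyStore.getInstance("JCEKS");       // in-memory store built for the demo
        ks.load(null, null);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128); // 256-bit keys need the unlimited-strength policy on older Java 8 builds
        for (String alias : new String[] {"key-2015", "key-2016"}) ks.setKeyEntry(alias, gen.generateKey(), pw, null);
        KeyProvider provider = new KeystoreProvider(ks, pw);
        byte[] old = encrypt(provider.getSecretKey("key-2015"), "row data".getBytes("UTF-8"));
        System.out.println(new String(decrypt(provider.getSecretKey("key-2015"), old), "UTF-8")); // old alias still readable
    }
}
```

Decrypting the same blob with the `key-2016` key fails with `AEADBadTagException`, which is why whatever reads the data has to know the alias it was written under.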