You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2014/04/11 17:47:41 UTC
svn commit: r1586694 - in /hbase/trunk:
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
hbase-shell/src/main/ruby/hbase/admin.rb
Author: apurtell
Date: Fri Apr 11 15:47:41 2014
New Revision: 1586694
URL: http://svn.apache.org/r1586694
Log:
HBASE-10951 Use PBKDF2 to generate test encryption keys in the shell
Modified:
hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
hbase/trunk/hbase-shell/src/main/ruby/hbase/admin.rb
Modified: hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java?rev=1586694&r1=1586693&r2=1586694&view=diff
==============================================================================
--- hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java (original)
+++ hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/Encryption.java Fri Apr 11 15:47:41 2014
@@ -23,9 +23,12 @@ import java.security.DigestException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
@@ -200,6 +203,52 @@ public final class Encryption {
}
/**
+ * Return a 128 bit key derived from the concatenation of the supplied
+ * arguments using PBKDF2WithHmacSHA1 at 10,000 iterations.
+ *
+ */
+ public static byte[] pbkdf128(String... args) {
+ byte[] salt = new byte[128];
+ Bytes.random(salt);
+ StringBuilder sb = new StringBuilder();
+ for (String s: args) {
+ sb.append(s);
+ }
+ PBEKeySpec spec = new PBEKeySpec(sb.toString().toCharArray(), salt, 10000, 128);
+ try {
+ return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
+ .generateSecret(spec).getEncoded();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ } catch (InvalidKeySpecException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Return a 128 bit key derived from the concatenation of the supplied
+ * arguments using PBKDF2WithHmacSHA1 at 10,000 iterations.
+ *
+ */
+ public static byte[] pbkdf128(byte[]... args) {
+ byte[] salt = new byte[128];
+ Bytes.random(salt);
+ StringBuilder sb = new StringBuilder();
+ for (byte[] b: args) {
+ sb.append(b);
+ }
+ PBEKeySpec spec = new PBEKeySpec(sb.toString().toCharArray(), salt, 10000, 128);
+ try {
+ return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
+ .generateSecret(spec).getEncoded();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ } catch (InvalidKeySpecException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
* Encrypt a block of plaintext
* <p>
* The encryptor's state will be finalized. It should be reinitialized or
Modified: hbase/trunk/hbase-shell/src/main/ruby/hbase/admin.rb
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-shell/src/main/ruby/hbase/admin.rb?rev=1586694&r1=1586693&r2=1586694&view=diff
==============================================================================
--- hbase/trunk/hbase-shell/src/main/ruby/hbase/admin.rb (original)
+++ hbase/trunk/hbase-shell/src/main/ruby/hbase/admin.rb Fri Apr 11 15:47:41 2014
@@ -640,7 +640,7 @@ module Hbase
algorithm = arg.delete(org.apache.hadoop.hbase.HColumnDescriptor::ENCRYPTION).upcase
family.setEncryptionType(algorithm)
if arg.include?(org.apache.hadoop.hbase.HColumnDescriptor::ENCRYPTION_KEY)
- key = org.apache.hadoop.hbase.io.crypto.Encryption.hash128(
+ key = org.apache.hadoop.hbase.io.crypto.Encryption.pbkdf128(
arg.delete(org.apache.hadoop.hbase.HColumnDescriptor::ENCRYPTION_KEY))
family.setEncryptionKey(org.apache.hadoop.hbase.security.EncryptionUtil.wrapKey(@conf, key,
algorithm))