You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Rajesh Balamohan (JIRA)" <ji...@apache.org> on 2013/08/29 06:10:59 UTC

[jira] [Commented] (HADOOP-9331) Hadoop crypto codec framework and crypto codec implementations

    [ https://issues.apache.org/jira/browse/HADOOP-9331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13753281#comment-13753281 ] 

Rajesh Balamohan commented on HADOOP-9331:
------------------------------------------

First of all, thanks for adding the design doc in pdf. 

Are there any plans to support to store the symmetric encryption keys in Hardware Security Module (HSM)?  It is quite possible that people would like to have certain compliance. 

                
> Hadoop crypto codec framework and crypto codec implementations
> --------------------------------------------------------------
>
>                 Key: HADOOP-9331
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9331
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Jerry Chen
>         Attachments: Hadoop Crypto Design.pdf
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> For use cases that deal with sensitive data, we often need to encrypt data to be stored safely at rest. Hadoop common provides a codec framework for compression algorithms. We start here. However because encryption algorithms require some additional configuration and methods for key management, we introduce a crypto codec framework that builds on the compression codec framework. It cleanly distinguishes crypto algorithms from compression algorithms, but shares common interfaces between them where possible, and also carries extended interfaces where necessary to satisfy those needs. We also introduce a generic Key type, and supporting utility methods and classes, as a necessary abstraction for dealing with both Java crypto keys and PGP keys.
> The task for this feature breaks into two parts:
> 1. The crypto codec framework that based on compression codec which can be shared by all crypto codec implementations.
> 2. The codec implementations such as AES and others.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira