You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@accumulo.apache.org by "Michael Allen (JIRA)" <ji...@apache.org> on 2013/04/08 22:15:16 UTC

[jira] [Commented] (ACCUMULO-958) Support pluggable encryption in walogs

    [ https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13625752#comment-13625752 ] 

Michael Allen commented on ACCUMULO-958:
----------------------------------------

Hi everyone.  I have submitted two new files (attached) in order to address the comments previously raised.  In going over the various classes and interfaces, I found some siginifcant simplifications to make that lead to cleaner code overall.  In the attached PDF, I explain my reasoning for sticking with the current CryptoModule approach and not using the compression codec subsystem.  The attached diff has a working implementation of the proposed changes, including unit tests against both the low level crypto code and the RFile integration.  

Thoughts are welcomed.
                
> Support pluggable encryption in walogs
> --------------------------------------
>
>                 Key: ACCUMULO-958
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-958
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: logger
>            Reporter: John Vines
>            Assignee: Michael Allen
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-958-actual-changes.patch, accumulo-958.diff, accumulo-958-patch.diff, Improving-Crypto-Module-Interface-v1.2.pdf
>
>
> There are some cases where users want encryption at rest for the walogs. It should be fairly trivial to implement it in such a way to insert a CipherOutputStream into the data path (defaulting to using a NullCipher) and then making the Cipher pluggable to users can insert the appropriate mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make sure the Cipher type's match at read and write time. Possibly a versioning mechanism so people can migrate Ciphers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira