You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@accumulo.apache.org by "Michael Allen (JIRA)" <ji...@apache.org> on 2013/04/08 22:15:16 UTC
[jira] [Commented] (ACCUMULO-958) Support pluggable encryption in
walogs
[ https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13625752#comment-13625752 ]
Michael Allen commented on ACCUMULO-958:
----------------------------------------
Hi everyone. I have submitted two new files (attached) in order to address the comments previously raised. In going over the various classes and interfaces, I found some siginifcant simplifications to make that lead to cleaner code overall. In the attached PDF, I explain my reasoning for sticking with the current CryptoModule approach and not using the compression codec subsystem. The attached diff has a working implementation of the proposed changes, including unit tests against both the low level crypto code and the RFile integration.
Thoughts are welcomed.
> Support pluggable encryption in walogs
> --------------------------------------
>
> Key: ACCUMULO-958
> URL: https://issues.apache.org/jira/browse/ACCUMULO-958
> Project: Accumulo
> Issue Type: Improvement
> Components: logger
> Reporter: John Vines
> Assignee: Michael Allen
> Fix For: 1.6.0
>
> Attachments: ACCUMULO-958-actual-changes.patch, accumulo-958.diff, accumulo-958-patch.diff, Improving-Crypto-Module-Interface-v1.2.pdf
>
>
> There are some cases where users want encryption at rest for the walogs. It should be fairly trivial to implement it in such a way to insert a CipherOutputStream into the data path (defaulting to using a NullCipher) and then making the Cipher pluggable to users can insert the appropriate mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make sure the Cipher type's match at read and write time. Possibly a versioning mechanism so people can migrate Ciphers.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira