Encrypt a directory using some key (JAVA)

[Aneela Saleem <an...@platalytics.com>]

Hi,

I have successfully enables Hadoop with KMS and now I want to write some
java code to create key, get keys and encrypt a directory using a key. In
other words, I want to translate this command

hdfs hdfs crypto -createZone -keyName <key_name> -path /encryption_zone

and

hdfs hdfs crypto -listZones


into java code.


Any suggestions will be appreciated.

Thanks

Re: Encrypt a directory using some key (JAVA)

[Aneela Saleem <an...@platalytics.com>]

Thanks Wellington,

I already looked into that. But those KMS HTTP REST API are only for key
management like create key, rollover key, delete key etc. I didn't see any
API for encrypting a zone. If there exist any, then do tell me please!

Thanks Wei-Chiu,

I looked into that. I'm able to create and encrypt the zone by using the
following code from CryptoAdmin class:

Path deepZone = new Path("/d/e/e/p/zone");
fsWrapper.mkdir(deepZone, FsPermission.getDirDefault(), true);
dfsAdmin.createEncryptionZone(deepZone, TEST_KEY, NO_TRASH);


On Thu, Dec 15, 2016 at 1:55 AM, Wei-Chiu Chuang <we...@cloudera.com>
wrote:

> Hi
> If you have access to Hadoop codebase, take a look at CryptoAdmin class,
> which implements these two commands.
> Internally, the commands are implemented via DistributedFileSystem#createEncryptionZone
> and DistributedFileSystem#listEncryptionZones
>
> Regards,
> Wei-Chiu Chuang
> A very happy Clouderan
>
> On Dec 14, 2016, at 5:39 AM, Aneela Saleem <an...@platalytics.com> wrote:
>
> Hi,
>
> I have successfully enables Hadoop with KMS and now I want to write some
> java code to create key, get keys and encrypt a directory using a key. In
> other words, I want to translate this command
>
> hdfs hdfs crypto -createZone -keyName <key_name> -path /encryption_zone
>
> and
>
> hdfs hdfs crypto -listZones
>
>
> into java code.
>
>
> Any suggestions will be appreciated.
>
> Thanks
>
>
>

Re: Encrypt a directory using some key (JAVA)

[Wei-Chiu Chuang <we...@cloudera.com>]

Hi 
If you have access to Hadoop codebase, take a look at CryptoAdmin class, which implements these two commands.
Internally, the commands are implemented via DistributedFileSystem#createEncryptionZone and DistributedFileSystem#listEncryptionZones

Regards,
Wei-Chiu Chuang
A very happy Clouderan

> On Dec 14, 2016, at 5:39 AM, Aneela Saleem <an...@platalytics.com> wrote:
> 
> Hi,
> 
> I have successfully enables Hadoop with KMS and now I want to write some java code to create key, get keys and encrypt a directory using a key. In other words, I want to translate this command
> 
> hdfs hdfs crypto -createZone -keyName <key_name> -path /encryption_zone
> and 
> hdfs hdfs crypto -listZones
> 
> into java code. 
> 
> 
> Any suggestions will be appreciated.
> 
> Thanks

Re: Encrypt a directory using some key (JAVA)

[Wellington Chevreuil <we...@gmail.com>]

Hi Aneela,

All methods from DFS CLI are exposed in KMS HTTP REST API. Your java
application can then make http requests to KMS. Here is an example of
related http request format for creating a key:

POST http://HOST:PORT/kms/v1/keys
Content-Type: application/json

{
  "name"        : "<key-name>",
  "cipher"      : "<cipher>",
  "length"      : <length>,        //int
  "material"    : "<material>",    //base64
  "description" : "<description>"
}




This and all exposed methods are detailed on " KMS HTTP REST API" section
form KMS online documentation here:
http://hadoop.apache.org/docs/r2.7.2/hadoop-kms/index.html

Regards,
Wellington.

2016-12-14 13:39 GMT+00:00 Aneela Saleem <an...@platalytics.com>:

> Hi,
>
> I have successfully enables Hadoop with KMS and now I want to write some
> java code to create key, get keys and encrypt a directory using a key. In
> other words, I want to translate this command
>
> hdfs hdfs crypto -createZone -keyName <key_name> -path /encryption_zone
>
> and
>
> hdfs hdfs crypto -listZones
>
>
> into java code.
>
>
> Any suggestions will be appreciated.
>
> Thanks
>