You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Mate Szalay-Beko (Jira)" <ji...@apache.org> on 2020/11/18 16:59:00 UTC

[jira] [Created] (HBASE-25304) Support AES-192 and AES-256 in DefaultCipherProvider

Mate Szalay-Beko created HBASE-25304:
----------------------------------------

             Summary: Support AES-192 and AES-256 in DefaultCipherProvider
                 Key: HBASE-25304
                 URL: https://issues.apache.org/jira/browse/HBASE-25304
             Project: HBase
          Issue Type: Improvement
          Components: encryption
            Reporter: Mate Szalay-Beko
            Assignee: Mate Szalay-Beko


The DefaultCipherProvider currently supports AES-128. In some security policies (such as the Application Security and Development STIG), AES-256 is required in certain situations.

I want to add AES-192 and AES-256 support. I quickly tried to implement this as part of HBASE-25263, but after 1-2 days I realized that it worths a separate task in Jira. The main challenge is that the key length and the algorithm needs to be decoupled in the code, and also some more tests need to be added to make sure we are backward-compatible and also supporting AES-192 and AES-256.

Beside defining a new algorithm and key on the Java API, I also want to make the usage of e.g. AES-256 in the shell, like:
{code:java}
create 'test', {NAME => 'cf', ENCRYPTION => 'AES-256', ENCRYPTION_KEY => 'mysecret'}
{code}
 

Also we should support AES-192 and AES-256 in master encryption keys. And we need to document how the users can configure / use it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)