[ https://issues.apache.org/jira/browse/HDFS-6391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Wang updated HDFS-6391:
------------------------------
    Attachment: hdfs-6391.002.patch

Patch attached. This is based off of some work that [~clamb] did. Essentially, this refactors the key and IV passed around in a lot of places into a new FileEncryptionInfo class, which also incorporates an identifying CipherSuite. FEInfo is also stored as a single PB in an xattr and constructed on demand, which should be compact in memory.

Obvious missing TODO pieces here include:

- New tests, this doesn't really change the end-to-end picture much, I didn't add any tests. I did run all the changed tests though for some basic validation.
- KeyProvider and EZ integration. We're waiting on HADOOP-10719 and related. Will be tackled in HDFS-6474 and related.
- Client/server arbitration of CipherSuites, which would include choosing the CryptoCodec based on the CipherSuite. This I'd like to punt to a follow-on.

> Get the Key/IV from the NameNode for encrypted files in DFSClient
> -----------------------------------------------------------------
>
>                 Key: HDFS-6391
>                 URL: https://issues.apache.org/jira/browse/HDFS-6391
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>            Reporter: Alejandro Abdelnur
>            Assignee: Andrew Wang
>         Attachments: HDFS-6391.1.patch, hdfs-6391.002.patch
>
>
> When creating/opening an encrypted file, the DFSClient should get the
> encryption key material and the IV for the file in the create/open RPC call.
> HDFS admin users would never get key material/IV on encrypted files
> create/open.