[ https://issues.apache.org/jira/browse/HDFS-6391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Wang updated HDFS-6391:
------------------------------

    Attachment: hdfs-6391.002.patch

Patch attached. This is based off of some work that [~clamb] did.

Essentially, this refactors the key and IV passed around in a lot of places 
into a new FileEncryptionInfo class, which also incorporates an identifying 
CipherSuite. FEInfo is also stored as a single PB in an xattr and constructed 
on demand, which should be compact in memory.
 
Obvious missing TODO pieces here include:
- New tests. This doesn't really change the end-to-end picture much; I didn't 
add any tests. I did run all the changed tests, though, for some basic validation.
- KeyProvider and EZ integration. We're waiting on HADOOP-10719 and related. 
Will be tackled in HDFS-6474 and related.
- Client/server arbitration of CipherSuites, which would include choosing the 
CryptoCodec based on the CipherSuite. This I'd like to punt to a follow-on.

> Get the Key/IV from the NameNode for encrypted files in DFSClient
> -----------------------------------------------------------------
>
>                 Key: HDFS-6391
>                 URL: https://issues.apache.org/jira/browse/HDFS-6391
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>            Reporter: Alejandro Abdelnur
>            Assignee: Andrew Wang
>         Attachments: HDFS-6391.1.patch, hdfs-6391.002.patch
>
>
> When creating/opening an encrypted file, the DFSClient should get the 
> encryption key material and the IV for the file in the create/open RPC call.
> HDFS admin users would never get key material/IV on encrypted files 
> create/open.


