[
https://issues.apache.org/jira/browse/HBASE-13002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14315688#comment-14315688
]
Ashish Singhi commented on HBASE-13002:
---------------------------------------
Thanks [~andrew.purt...@gmail.com] for the review.
We had a requirement from a user to use some other cipher encryption algorithm
and not AES. So we thought of making it configurable.
bq. We don't want key wrapping to use a potentially insecure algorithm.
Yes, definitely. Should I explicitly mention it somewhere in the code or just
add in release note will do ?
bq. Remove this part or introduce a configuration for separately defining what
algorithm is used for key wrapping.
Yes, the new configuration {{hbase.crypto.key.algorithm}} is introduced for
that. So whichever user configures it to will be used for key wrapping.
bq. The test is "TestAES", so substituting another cipher doesn't make sense:
Yes, addressed in the v1 patch.
Please review and let me know if anything I missed to address.
> Make encryption cipher configurable
> -----------------------------------
>
> Key: HBASE-13002
> URL: https://issues.apache.org/jira/browse/HBASE-13002
> Project: HBase
> Issue Type: Improvement
> Reporter: Ashish Singhi
> Assignee: Ashish Singhi
> Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.11
>
> Attachments: HBASE-13002-v1.patch, HBASE-13002.patch
>
>
> Make encryption cipher configurable currently it is hard coded to AES, so
> that user can configure his/her own algorithm.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
