[ https://issues.apache.org/jira/browse/HBASE-25263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17239752#comment-17239752 ]
Hudson commented on HBASE-25263: -------------------------------- Results for branch branch-2 [build #113 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/113/]: (x) *{color:red}-1 overall{color}* ---- details (if available): (x) {color:red}-1 general checks{color} -- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/113/General_20Nightly_20Build_20Report/] (x) {color:red}-1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/113/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/] (x) {color:red}-1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/113/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk11 hadoop3 checks{color} -- For more information [see jdk11 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/113/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > Change encryption key generation algorithm used in the HBase shell > ------------------------------------------------------------------ > > Key: HBASE-25263 > URL: https://issues.apache.org/jira/browse/HBASE-25263 > Project: HBase > Issue Type: Improvement > Components: encryption, shell > Reporter: Mate Szalay-Beko > Assignee: Mate Szalay-Beko > Priority: Major > Fix For: 3.0.0-alpha-1, 2.4.0 > > > This PR is a follow-up of HBASE-25181 (#2539), where several issues were > discussed on the PR: > 1. Currently we use {{PBKDF2WithHmacSHA1}} key generation algorithm to > generate a secret key for HFile / WalFile encryption, when the user is > defining a string encryption key in the hbase shell. This algorithm is not > secure enough and not allowed in certain environments (e.g. on FIPS compliant > clusters). We are changing it to {{PBKDF2WithHmacSHA384}}. It will not break > backward-compatibility, as even the tables created by the shell using the new > algorithm will be able to load (e.g. during bulkload / replication) the > HFiles serialized with the key generated by an old algorithm, as the HFiles > themselves already contain the key necessary for their decryption. > Smaller issues to be fixed: > 2. Improve the documentation e.g. with the changes introduced by HBASE-25181 > and also by some points discussed on the Jira ticket of HBASE-25263. > 3. In {{EncryptionUtil.createEncryptionContext}} the various encryption > config checks should throw {{IllegalStateExceptions}} instead of > {{RuntimeExceptions}}. > 4. Test cases in {{TestEncryptionTest.java}} should be broken down into > smaller tests. > 5. {{TestEncryptionDisabled.java}} should use {{ExpectedException}} JUnit > rule to validate exceptions. -- This message was sent by Atlassian Jira (v8.3.4#803005)