[
https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13563062#comment-13563062
]
Michael Allen commented on ACCUMULO-958:
----------------------------------------
I've implemented a fairly generic, fairly pluggable encryption streaming
architecture (see org.apache.accumulo.core.security.crypto for classes and
interfaces). It might change as we figure out more of our requirements in this
area, which is why the primary interface is already marked deprecated, even
though this is the first iteration. (Is there a better Apache-style marking
for that kind of thing?)
The encryption stream right now is only attached to the WAL logs, but could be
wired up to RFiles and Map files without too much more trouble.
Submitting patch now.
> Support pluggable encryption in walogs
> --------------------------------------
>
> Key: ACCUMULO-958
> URL: https://issues.apache.org/jira/browse/ACCUMULO-958
> Project: Accumulo
> Issue Type: Improvement
> Components: logger
> Reporter: John Vines
> Assignee: John Vines
> Fix For: 1.5.0
>
>
> There are some cases where users want encryption at rest for the walogs. It
> should be fairly trivial to implement it in such a way to insert a
> CipherOutputStream into the data path (defaulting to using a NullCipher) and
> then making the Cipher pluggable to users can insert the appropriate
> mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make
> sure the Cipher type's match at read and write time. Possibly a versioning
> mechanism so people can migrate Ciphers.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
