[
https://issues.apache.org/jira/browse/ACCUMULO-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652183#comment-16652183
]
Michael Miller commented on ACCUMULO-4737:
------------------------------------------
is superceded by https://github.com/apache/accumulo/pull/560
> Clean up cipher algorithm configuration
> ---------------------------------------
>
> Key: ACCUMULO-4737
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4737
> Project: Accumulo
> Issue Type: Improvement
> Reporter: Nick Felts
> Assignee: Nick Felts
> Priority: Minor
> Labels: pull-request-available
> Fix For: 2.0.0
>
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> The two property options:
> crypto.cipher.algorithm.name
> crypto.cipher.suite
> are not used intuitively. For example, as far as I can tell, the only place
> the cipher suite's algorithm name is used is to check for NullCipher. I even
> tested this using bogus strings to confirm. Instead, once the suite is found
> to not indicate NullCipher, the cipher.algorithm.name replaces the algorithm
> found in the cipher suite for all further uses.
> Further, the suite is parsed out into padding and mode options, which only
> exist to pass a few unit tests and reconstruct the cipher suite using the
> other specified algorithm.
> This leads to some unintuitive behavior, where someone specifying an
> algorithm in the cipher suite is not necessarily using their intended
> algorithm, unless both options specified the the same algorithm.
> To clean this up, the algorithm specified should be renamed and used for key
> generation, since some keys can be used across different algorithms
> (https://docs.oracle.com/javase/8/docs/api/java/security/Key.html), and the
> cipher suite can be used as stated, instead of deconstructing it to then
> reconstruct it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
