[jira] [Commented] (HDFS-6724) Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream
[ https://issues.apache.org/jira/browse/HDFS-6724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073891#comment-14073891 ] Yi Liu commented on HDFS-6724: -- Look good to me, +1, Thanks Andrew. > Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream > - > > Key: HDFS-6724 > URL: https://issues.apache.org/jira/browse/HDFS-6724 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: security >Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) >Reporter: Yi Liu >Assignee: Andrew Wang > Attachments: hdfs-6724.001.patch, hdfs-6724.002.patch > > > In DFSClient, we need to decrypt EDEK before creating > CryptoInputStream/CryptoOutputStream, currently edek is used directly. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6724) Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream
[ https://issues.apache.org/jira/browse/HDFS-6724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073886#comment-14073886 ] Charles Lamb commented on HDFS-6724: +1. Thanks Andrew. > Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream > - > > Key: HDFS-6724 > URL: https://issues.apache.org/jira/browse/HDFS-6724 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: security >Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) >Reporter: Yi Liu >Assignee: Andrew Wang > Attachments: hdfs-6724.001.patch, hdfs-6724.002.patch > > > In DFSClient, we need to decrypt EDEK before creating > CryptoInputStream/CryptoOutputStream, currently edek is used directly. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6724) Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream
[
https://issues.apache.org/jira/browse/HDFS-6724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14073797#comment-14073797
]
Charles Lamb commented on HDFS-6724:
Hi [~andrew.wang],
I only have a few little nits. In general I'm +1, but I'd like to hear what Yi
has to say.
DFSUtil.java:
{code}
@throws java.io.IOException.
{code}
You don't need java.io. since it's imported.
KeyProviderCryptoExtension.java:
{code}
* @param encryptedKeyIv Initialization vector of the encrypted
* key. The IV of the encryption key used to
* encrypt the encrypted key is derived from
* this IV.
{code}
In this comment would it be possible to add the word "data" as in "data
encryption key" to help clarify the difference between the two keys? I realize
you've already got "encrypted" and "encryption", but that's a subtle difference
and likely to be lost on an unfamiliar reader.
TestEncryptionZones.java:
I don't see a lot of System.out.printlns in unit tests. I suppose it's because
it's harder to find the output. Would it be more vogue to use logging?
> Decrypt EDEK before creating CryptoInputStream/CryptoOutputStream
> -
>
> Key: HDFS-6724
> URL: https://issues.apache.org/jira/browse/HDFS-6724
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
>Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>Reporter: Yi Liu
>Assignee: Andrew Wang
> Attachments: hdfs-6724.001.patch
>
>
> In DFSClient, we need to decrypt EDEK before creating
> CryptoInputStream/CryptoOutputStream, currently edek is used directly.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
