[
https://issues.apache.org/jira/browse/HBASE-25304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17423384#comment-17423384
]
Andrew Kyle Purtell commented on HBASE-25304:
---------------------------------------------
Does the provider offered after HBASE-16463 give you 192 and/or 256 bit key
length options? (I haven't looked yet...)
> Support AES-192 and AES-256 in DefaultCipherProvider
> ----------------------------------------------------
>
> Key: HBASE-25304
> URL: https://issues.apache.org/jira/browse/HBASE-25304
> Project: HBase
> Issue Type: Improvement
> Components: encryption
> Reporter: Mate Szalay-Beko
> Assignee: Mate Szalay-Beko
> Priority: Major
>
> The DefaultCipherProvider currently supports AES-128. In some security
> policies (such as the Application Security and Development STIG), AES-256 is
> required in certain situations.
> I want to add AES-192 and AES-256 support. I quickly tried to implement this
> as part of HBASE-25263, but after 1-2 days I realized that it worths a
> separate task in Jira. The main challenge is that the key length and the
> algorithm needs to be decoupled in the code, and also some more tests need to
> be added to make sure we are backward-compatible and also supporting AES-192
> and AES-256.
> Beside defining a new algorithm and key on the Java API, I also want to make
> the usage of e.g. AES-256 in the shell, like:
> {code:java}
> create 'test', {NAME => 'cf', ENCRYPTION => 'AES-256', ENCRYPTION_KEY =>
> 'mysecret'}
> {code}
>
> Also we should support AES-192 and AES-256 in master encryption keys. And we
> need to document how the users can configure / use it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
