[HBASE-10062] Reconsider storing plaintext length in the encrypted block header - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.98.0
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

After ~~HBASE-7544~~, if an HFile belongs to an encrypted family, it is encrypted on a per block basis. The encrypted blocks include the following header:

      // +--------------------------+
      // | vint plaintext length    |
      // +--------------------------+
      // | vint iv length           |
      // +--------------------------+
      // | iv data ...              |
      // +--------------------------+
      // | encrypted block data ... |
      // +--------------------------+

The reason for storing the plaintext length is so we can create an decryption stream over the encrypted block data and, no matter the internal details of the crypto algorithm (whether it adds padding, etc.) after reading the expected plaintext bytes we know the reader is finished. However my colleague Jerry Chen pointed out today this construction mandates the block be processed exactly that way. Storing and using the encrypted data length instead could provide more implementation flexibility down the road.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

10062.patch
03/Dec/13 04:50
6 kB
Andrew Kyle Purtell

Issue Links

is related to

HBASE-7544 Transparent table/CF encryption

Closed

Activity

People

Assignee:: Andrew Kyle Purtell

Reporter:: Andrew Kyle Purtell

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 02/Dec/13 07:42

Updated:: 20/Nov/15 11:55

Resolved:: 03/Dec/13 12:49