  1. HBase
  2. HBASE-13503 Encryption improvements umbrella
  3. HBASE-25304

Support AES-192 and AES-256 in DefaultCipherProvider


Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • encryption

    Description

      The DefaultCipherProvider currently supports AES-128. In some security policies (such as the Application Security and Development STIG), AES-256 is required in certain situations.

      I want to add AES-192 and AES-256 support. I quickly tried to implement this as part of HBASE-25263, but after 1-2 days I realized that it is worth a separate task in Jira. The main challenge is that the key length and the algorithm need to be decoupled in the code, and also some more tests need to be added to make sure we are backward-compatible while also supporting AES-192 and AES-256.

      Besides defining a new algorithm and key in the Java API, I also want to make e.g. AES-256 usable in the shell, like:

      create 'test', {NAME => 'cf', ENCRYPTION => 'AES-256', ENCRYPTION_KEY => 'mysecret'}
      

       

      Also, we should support AES-192 and AES-256 in master encryption keys. And we need to document how users can configure / use it.
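One way to decouple the cipher name from the key length, as an added example that is not HBase code or part of the original issue: `AesVariantDemo`, `AesVariant`, `parse` and `toKey` are hypothetical names, and treating a bare `AES` as AES-128 is an assumption made here to illustrate backward compatibility. Only standard JCE calls are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical sketch: the cipher name selects the key length, the JCE algorithm stays "AES".
public class AesVariantDemo {
  enum AesVariant {
    AES_128("AES-128", 16), AES_192("AES-192", 24), AES_256("AES-256", 32);
    final String label;  // name as it would appear in a schema or shell command
    final int keyBytes;  // key length in bytes, independent of the JCE algorithm name
    AesVariant(String label, int keyBytes) { this.label = label; this.keyBytes = keyBytes; }

    // Assumption: a bare "AES" keeps meaning AES-128 so existing definitions still resolve.
    static AesVariant parse(String spec) {
      if ("AES".equalsIgnoreCase(spec)) return AES_128;
      for (AesVariant v : values()) if (v.label.equalsIgnoreCase(spec)) return v;
      throw new IllegalArgumentException("unsupported cipher: " + spec);
    }

    // Reject a key of the wrong length instead of silently truncating or padding it.
    SecretKeySpec toKey(byte[] raw) throws GeneralSecurityException {
      if (raw.length != keyBytes)
        throw new InvalidKeyException(label + " needs " + keyBytes + " key bytes, got " + raw.length);
      if (Cipher.getMaxAllowedKeyLength("AES") < keyBytes * 8)
        throw new InvalidKeyException("JCE policy on this JVM does not allow " + label);
      return new SecretKeySpec(raw, "AES");
    }
  }

  public static void main(String[] args) throws Exception {
    SecureRandom rng = new SecureRandom();
    byte[] plain = "constructed sample value".getBytes(StandardCharsets.UTF_8);
    for (String spec : new String[] {"AES", "AES-128", "AES-192", "AES-256"}) {
      AesVariant v = AesVariant.parse(spec);
      byte[] raw = new byte[v.keyBytes], iv = new byte[16];
      rng.nextBytes(raw); rng.nextBytes(iv);  // random key and IV, constructed for the demo
      Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
      c.init(Cipher.ENCRYPT_MODE, v.toKey(raw), new IvParameterSpec(iv));
      byte[] ct = c.doFinal(plain);
      c.init(Cipher.DECRYPT_MODE, v.toKey(raw), new IvParameterSpec(iv));
      boolean ok = Arrays.equals(plain, c.doFinal(ct));
      System.out.println(spec + " -> " + v.label + " (" + v.keyBytes * 8 + "-bit key), round trip ok: " + ok);
    }
  }
}
```

A backward-compatibility test of the kind the issue asks for would additionally read data written under the existing AES-128 path and confirm it still decrypts once the new names are recognized.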

          People

            symat Mate Szalay-Beko