Details
-
Sub-task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
The DefaultCipherProvider currently supports AES-128. In some security policies (such as the Application Security and Development STIG), AES-256 is required in certain situations.
I want to add AES-192 and AES-256 support. I quickly tried to implement this as part of HBASE-25263, but after 1-2 days I realized that it worths a separate task in Jira. The main challenge is that the key length and the algorithm needs to be decoupled in the code, and also some more tests need to be added to make sure we are backward-compatible and also supporting AES-192 and AES-256.
Beside defining a new algorithm and key on the Java API, I also want to make the usage of e.g. AES-256 in the shell, like:
create 'test', {NAME => 'cf', ENCRYPTION => 'AES-256', ENCRYPTION_KEY => 'mysecret'}
Also we should support AES-192 and AES-256 in master encryption keys. And we need to document how the users can configure / use it.
Attachments
Issue Links
- is related to
-
-
- Open
-
-
HBASE-16463 Improve transparent table/CF encryption with Commons Crypto
-
- Closed
-
-
HBASE-25263 Change encryption key generation algorithm used in the HBase shell
-
- Resolved
-