@InterfaceAudience.Public public final class Encryption extends Object
Modifier and Type | Class and Description |
---|---|
static class |
Encryption.Context
Crypto context
|
Modifier and Type | Field and Description |
---|---|
static boolean |
CRYPTO_ENABLED_CONF_DEFAULT
Default value for globally enabling / disabling column family encryption
(set to "true" for backward compatibility)
|
static String |
CRYPTO_ENABLED_CONF_KEY
Configuration key for globally enabling / disabling column family encryption
|
static boolean |
CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_DEFAULT
Default behaviour is not to fail if the hash algorithm configured differs from the one
used in the HFile.
|
static String |
CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY
Configuration key for specifying the behaviour if the configured hash algorithm
differs from the one used for generating key hash in encrypted HFiles currently being read.
|
static String |
CRYPTO_KEY_HASH_ALGORITHM_CONF_DEFAULT
Default hash algorithm used for generating key hash in encrypted HFiles.
|
static String |
CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY
Configuration key for the hash algorithm used for generating key hash in encrypted HFiles.
|
(package private) static Map<Pair<String,String>,KeyProvider> |
keyProviderCache |
private static org.slf4j.Logger |
LOG |
Modifier | Constructor and Description |
---|---|
private |
Encryption() |
Modifier and Type | Method and Description |
---|---|
static byte[] |
computeCryptoKeyHash(org.apache.hadoop.conf.Configuration conf,
byte[] arg)
Returns the hash of the supplied argument, using the hash algorithm
specified in the given config.
|
static void |
decrypt(byte[] dest,
int destOffset,
InputStream in,
int destSize,
Decryptor d)
Decrypt a block of ciphertext read in from a stream with the given
cipher and context
|
static void |
decrypt(byte[] dest,
int destOffset,
InputStream in,
int destSize,
Encryption.Context context,
byte[] iv)
Decrypt a block of ciphertext from a stream given a context and IV
|
static void |
decrypt(OutputStream out,
InputStream in,
int outLen,
Decryptor d)
Decrypt a stream of ciphertext given a decryptor
|
static void |
decrypt(OutputStream out,
InputStream in,
int outLen,
Encryption.Context context,
byte[] iv)
Decrypt a stream of ciphertext given a context and IV
|
static void |
decryptWithSubjectKey(OutputStream out,
InputStream in,
int outLen,
String subject,
org.apache.hadoop.conf.Configuration conf,
Cipher cipher,
byte[] iv)
Decrypts a block of ciphertext with the symmetric key resolved for the given subject
|
static void |
encrypt(OutputStream out,
byte[] src,
int offset,
int length,
Encryption.Context context,
byte[] iv)
Encrypt a block of plaintext
|
static void |
encrypt(OutputStream out,
byte[] src,
int offset,
int length,
Encryptor e)
Encrypt a block of plaintext
|
static void |
encrypt(OutputStream out,
InputStream in,
Encryption.Context context,
byte[] iv)
Encrypt a stream of plaintext given a context and IV
|
static void |
encrypt(OutputStream out,
InputStream in,
Encryptor e)
Encrypt a stream of plaintext given an encryptor
|
static void |
encryptWithSubjectKey(OutputStream out,
InputStream in,
String subject,
org.apache.hadoop.conf.Configuration conf,
Cipher cipher,
byte[] iv)
Encrypts a block of plaintext with the symmetric key resolved for the given subject
|
static boolean |
failOnHashAlgorithmMismatch(org.apache.hadoop.conf.Configuration conf)
Returns the Hash Algorithm mismatch behaviour defined in the crypto configuration.
|
static byte[] |
generateSecretKey(org.apache.hadoop.conf.Configuration conf,
String cypherAlg,
byte[]... args)
Return a key derived from the concatenation of the supplied arguments using
PBKDF2WithHmacSHA384 key derivation algorithm at 10,000 iterations.
|
static byte[] |
generateSecretKey(org.apache.hadoop.conf.Configuration conf,
String cypherAlg,
String... args)
Return a key derived from the concatenation of the supplied arguments using
PBKDF2WithHmacSHA384 key derivation algorithm at 10,000 iterations.
|
private static byte[] |
generateSecretKey(String algorithm,
int keyLengthBytes,
char[] password)
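Return a key (byte array) derived from the supplied password argument using the given
algorithm with a random salt at 10,000 iterations. Only the key bytes are returned, so
unless the salt is retained elsewhere, the same password should not be expected to
reproduce the same key on a later call.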
|
static Cipher |
getCipher(org.apache.hadoop.conf.Configuration conf,
String name)
Get a cipher given a name
|
static CipherProvider |
getCipherProvider(org.apache.hadoop.conf.Configuration conf) |
private static ClassLoader |
getClassLoaderForClass(Class<?> c) |
static String |
getConfiguredHashAlgorithm(org.apache.hadoop.conf.Configuration conf)
Returns the Hash Algorithm defined in the crypto configuration.
|
static KeyProvider |
getKeyProvider(org.apache.hadoop.conf.Configuration conf) |
static Key |
getSecretKeyForSubject(String subject,
org.apache.hadoop.conf.Configuration conf)
Resolves a key for the given subject
|
static String[] |
getSupportedCiphers()
Get names of supported encryption algorithms
|
static String[] |
getSupportedCiphers(org.apache.hadoop.conf.Configuration conf)
Get names of supported encryption algorithms
|
static byte[] |
hash128(byte[]... args)
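Return the MD5 digest of the concatenation of the supplied arguments. MD5 is not
collision-resistant, so treat the result as a non-security fingerprint; use hash256 or
hashWithAlg with a stronger algorithm where the digest has to resist tampering.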
|
static byte[] |
hash128(String... args)
Return the MD5 digest of the concatenation of the supplied arguments.
|
static byte[] |
hash256(byte[]... args)
Return the SHA-256 digest of the concatenation of the supplied arguments.
|
static byte[] |
hash256(String... args)
Return the SHA-256 digest of the concatenation of the supplied arguments.
|
static byte[] |
hashWithAlg(String algorithm,
byte[]... args)
Return the hash of the concatenation of the supplied arguments, using the
hash algorithm provided.
|
static void |
incrementIv(byte[] iv) |
static void |
incrementIv(byte[] iv,
int v) |
static boolean |
isEncryptionEnabled(org.apache.hadoop.conf.Configuration conf)
Returns true if the column family encryption feature is enabled globally.
|
static Encryption.Context |
newContext() |
static Encryption.Context |
newContext(org.apache.hadoop.conf.Configuration conf) |
static byte[] |
pbkdf128(byte[]... args)
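Return a 128 bit key derived from the concatenation of the supplied
arguments using PBKDF2WithHmacSHA1 at 10,000 iterations. The iteration count is
fixed by this method; for low-entropy inputs such as passphrases, 10,000 iterations
of HMAC-SHA1 is low by current guidance.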
|
static byte[] |
pbkdf128(String... args)
Return a 128 bit key derived from the concatenation of the supplied
arguments using PBKDF2WithHmacSHA1 at 10,000 iterations.
|
private static final org.slf4j.Logger LOG
public static final String CRYPTO_ENABLED_CONF_KEY
public static final boolean CRYPTO_ENABLED_CONF_DEFAULT
public static final String CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY
public static final String CRYPTO_KEY_HASH_ALGORITHM_CONF_DEFAULT
public static final String CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY
public static final boolean CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_DEFAULT
static final Map<Pair<String,String>,KeyProvider> keyProviderCache
private Encryption()
public static Encryption.Context newContext()
public static Encryption.Context newContext(org.apache.hadoop.conf.Configuration conf)
public static boolean isEncryptionEnabled(org.apache.hadoop.conf.Configuration conf)
public static Cipher getCipher(org.apache.hadoop.conf.Configuration conf, String name)
Parameters:
name - the cipher name
public static String[] getSupportedCiphers()
public static String[] getSupportedCiphers(org.apache.hadoop.conf.Configuration conf)
public static String getConfiguredHashAlgorithm(org.apache.hadoop.conf.Configuration conf)
public static boolean failOnHashAlgorithmMismatch(org.apache.hadoop.conf.Configuration conf)
public static byte[] computeCryptoKeyHash(org.apache.hadoop.conf.Configuration conf, byte[] arg)
public static byte[] hash128(String... args)
public static byte[] hash128(byte[]... args)
public static byte[] hash256(String... args)
public static byte[] hash256(byte[]... args)
public static byte[] pbkdf128(String... args)
public static byte[] pbkdf128(byte[]... args)
public static byte[] generateSecretKey(org.apache.hadoop.conf.Configuration conf, String cypherAlg, String... args)
public static byte[] generateSecretKey(org.apache.hadoop.conf.Configuration conf, String cypherAlg, byte[]... args)
private static byte[] generateSecretKey(String algorithm, int keyLengthBytes, char[] password)
Parameters:
algorithm - the secret key generation algorithm to use
keyLengthBytes - the length of the key to be derived (in bytes, not in bits)
password - char array to use as password for the key generation algorithm
public static void encrypt(OutputStream out, byte[] src, int offset, int length, Encryptor e) throws IOException
The encryptor's state will be finalized. It should be reinitialized or returned to the pool.
Parameters:
out - ciphertext
src - plaintext
offset -
length -
e -
Throws:
IOException
public static void encrypt(OutputStream out, byte[] src, int offset, int length, Encryption.Context context, byte[] iv) throws IOException
Parameters:
out - ciphertext
src - plaintext
offset -
length -
context -
iv -
Throws:
IOException
public static void encrypt(OutputStream out, InputStream in, Encryptor e) throws IOException
The encryptor's state will be finalized. It should be reinitialized or returned to the pool.
Parameters:
out - ciphertext
in - plaintext
e -
Throws:
IOException
public static void encrypt(OutputStream out, InputStream in, Encryption.Context context, byte[] iv) throws IOException
Parameters:
out - ciphertext
in - plaintext
context -
iv -
Throws:
IOException
public static void decrypt(byte[] dest, int destOffset, InputStream in, int destSize, Decryptor d) throws IOException
The decryptor's state will be finalized. It should be reinitialized or returned to the pool.
dest
- destOffset
- in
- destSize
- d
- IOException
public static void decrypt(byte[] dest, int destOffset, InputStream in, int destSize, Encryption.Context context, byte[] iv) throws IOException
dest
- destOffset
- in
- destSize
- context
- iv
- IOException
public static void decrypt(OutputStream out, InputStream in, int outLen, Decryptor d) throws IOException
out
- in
- outLen
- d
- IOException
public static void decrypt(OutputStream out, InputStream in, int outLen, Encryption.Context context, byte[] iv) throws IOException
out
- in
- outLen
- context
- iv
- IOException
public static Key getSecretKeyForSubject(String subject, org.apache.hadoop.conf.Configuration conf) throws IOException
Parameters:
subject -
conf -
Throws:
IOException - if the key is not found
public static void encryptWithSubjectKey(OutputStream out, InputStream in, String subject, org.apache.hadoop.conf.Configuration conf, Cipher cipher, byte[] iv) throws IOException
Parameters:
out - ciphertext
in - plaintext
conf - configuration
cipher - the encryption algorithm
iv - the initialization vector, can be null
Throws:
IOException
public static void decryptWithSubjectKey(OutputStream out, InputStream in, int outLen, String subject, org.apache.hadoop.conf.Configuration conf, Cipher cipher, byte[] iv) throws IOException
Parameters:
out - plaintext
in - ciphertext
outLen - the expected plaintext length
subject - the subject's key alias
conf - configuration
cipher - the encryption algorithm
iv - the initialization vector, can be null
Throws:
IOException
private static ClassLoader getClassLoaderForClass(Class<?> c)
public static CipherProvider getCipherProvider(org.apache.hadoop.conf.Configuration conf)
public static KeyProvider getKeyProvider(org.apache.hadoop.conf.Configuration conf)
public static void incrementIv(byte[] iv)
public static void incrementIv(byte[] iv, int v)
public static byte[] hashWithAlg(String algorithm, byte[]... args)
Copyright © 2007–2021 The Apache Software Foundation. All rights reserved.