EncryptionUtil (Apache HBase 2.4.0 API)

java.lang.Object
- org.apache.hadoop.hbase.security.EncryptionUtil

@InterfaceAudience.Private
 @InterfaceStability.Evolving
public final class EncryptionUtil
extends Object

Some static utility methods for encryption uses in hbase-client.

Field Summary

Fields
Modifier and Type Field and Description

private static org.slf4j.Logger LOG

private static SecureRandom RNG

Fields
Modifier and Type	Field and Description
`private static org.slf4j.Logger`	`LOG`
`private static SecureRandom`	`RNG`

Constructor Summary

Constructors
Modifier Constructor and Description

private EncryptionUtil()
Private constructor to keep this class from being instantiated.

Constructors
Modifier	Constructor and Description
`private`	`EncryptionUtil()` Private constructor to keep this class from being instantiated.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static CryptoAES`	`createCryptoAES(org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.CryptoCipherMeta cryptoCipherMeta, org.apache.hadoop.conf.Configuration conf)` Helper to create an instance of CryptoAES.
`static Encryption.Context`	`createEncryptionContext(org.apache.hadoop.conf.Configuration conf, ColumnFamilyDescriptor family)` Helper to create an encyption context.
`private static Key`	`getUnwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, org.apache.hadoop.hbase.shaded.protobuf.generated.EncryptionProtos.WrappedKey wrappedKey, Cipher cipher)`
`static Key`	`unwrapKey(org.apache.hadoop.conf.Configuration conf, byte[] keyBytes)` Helper for `unwrapKey(Configuration, String, byte[])` which automatically uses the configured master and alternative keys, rather than having to specify a key type to unwrap with.
`static Key`	`unwrapKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value)` Unwrap a key by decrypting it with the secret key of the given subject.
`static Key`	`unwrapWALKey(org.apache.hadoop.conf.Configuration conf, String subject, byte[] value)` Unwrap a wal key by decrypting it with the secret key of the given subject.
`static byte[]`	`wrapKey(org.apache.hadoop.conf.Configuration conf, byte[] key, String algorithm)` Protect a key by encrypting it with the secret key of the given subject.
`static byte[]`	`wrapKey(org.apache.hadoop.conf.Configuration conf, String subject, Key key)` Protect a key by encrypting it with the secret key of the given subject.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

RNG
```
private static final SecureRandom RNG
```

Constructor Detail
- EncryptionUtil
```
private EncryptionUtil()
```
  Private constructor to keep this class from being instantiated.

Method Detail

wrapKey
```
public static byte[] wrapKey(org.apache.hadoop.conf.Configuration conf,
                             byte[] key,
                             String algorithm)
                      throws IOException
```
Protect a key by encrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.

Parameters:

conf - configuration

key - the raw key bytes

algorithm - the algorithm to use with this key material

Returns:

the encrypted key bytes

Throws:

IOException

wrapKey

public static byte[] wrapKey(org.apache.hadoop.conf.Configuration conf,
                             String subject,
                             Key key)
                      throws IOException

Protect a key by encrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.

Parameters:: conf - configuration; subject - subject key alias; key - the key
Returns:: the encrypted key bytes
Throws:: IOException

unwrapKey

public static Key unwrapKey(org.apache.hadoop.conf.Configuration conf,
                            String subject,
                            byte[] value)
                     throws IOException,
                            KeyException

Unwrap a key by decrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.

Parameters:: conf - configuration; subject - subject key alias; value - the encrypted key bytes
Returns:: the raw key bytes
Throws:: IOException; KeyException

getUnwrapKey

private static Key getUnwrapKey(org.apache.hadoop.conf.Configuration conf,
                                String subject,
                                org.apache.hadoop.hbase.shaded.protobuf.generated.EncryptionProtos.WrappedKey wrappedKey,
                                Cipher cipher)
                         throws IOException,
                                KeyException

Throws:: IOException; KeyException

unwrapWALKey
```
public static Key unwrapWALKey(org.apache.hadoop.conf.Configuration conf,
                               String subject,
                               byte[] value)
                        throws IOException,
                               KeyException
```
Unwrap a wal key by decrypting it with the secret key of the given subject. The configuration must be set up correctly for key alias resolution.

Parameters:

conf - configuration

subject - subject key alias

value - the encrypted key bytes

Returns:

the raw key bytes

Throws:

IOException - if key is not found for the subject, or if some I/O error occurs

KeyException - if fail to unwrap the key

createEncryptionContext
```
public static Encryption.Context createEncryptionContext(org.apache.hadoop.conf.Configuration conf,
                                                         ColumnFamilyDescriptor family)
                                                  throws IOException
```
Helper to create an encyption context.

Parameters:

conf - The current configuration.

family - The current column descriptor.

Returns:

The created encryption context.

Throws:

IOException - if an encryption key for the column cannot be unwrapped

IllegalStateException - in case of encryption related configuration errors

unwrapKey
```
public static Key unwrapKey(org.apache.hadoop.conf.Configuration conf,
                            byte[] keyBytes)
                     throws IOException
```
Helper for unwrapKey(Configuration, String, byte[]) which automatically uses the configured master and alternative keys, rather than having to specify a key type to unwrap with. The configuration must be set up correctly for key alias resolution.

Parameters:

conf - the current configuration

keyBytes - the key encrypted by master (or alternative) to unwrap

Returns:

the key bytes, decrypted

Throws:

IOException - if the key cannot be unwrapped

createCryptoAES

public static CryptoAES createCryptoAES(org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.CryptoCipherMeta cryptoCipherMeta,
                                        org.apache.hadoop.conf.Configuration conf)
                                 throws IOException

Helper to create an instance of CryptoAES.

Parameters:: conf - The current configuration.; cryptoCipherMeta - The metadata for create CryptoAES.
Returns:: The instance of CryptoAES.
Throws:: IOException - if create CryptoAES failed

Class EncryptionUtil

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

LOG

RNG

Constructor Detail

EncryptionUtil

Method Detail

wrapKey

wrapKey

unwrapKey

getUnwrapKey

unwrapWALKey

createEncryptionContext

unwrapKey

createCryptoAES