@InterfaceAudience.Public public final class Encryption extends Object
Modifier and Type | Class and Description |
---|---|
static class |
Encryption.Context
Crypto context
|
Modifier and Type | Field and Description |
---|---|
static boolean |
CRYPTO_ENABLED_CONF_DEFAULT
Default value for globally enabling / disabling column family encryption (set to "true" for
backward compatibility)
|
static String |
CRYPTO_ENABLED_CONF_KEY
Configuration key for globally enabling / disabling column family encryption
|
static boolean |
CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_DEFAULT
Default behaviour is not to fail if the hash algorithm configured differs from the one used in
the HFile.
|
static String |
CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY
Configuration key for specifying the behaviour if the configured hash algorithm differs from
the one used for generating key hash in encrypted HFiles currently being read.
|
static String |
CRYPTO_KEY_HASH_ALGORITHM_CONF_DEFAULT
Default hash algorithm used for generating key hash in encrypted HFiles.
|
static String |
CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY
Configuration key for the hash algorithm used for generating key hash in encrypted HFiles.
|
(package private) static Map<Pair<String,String>,KeyProvider> |
keyProviderCache |
private static org.slf4j.Logger |
LOG |
Modifier | Constructor and Description |
---|---|
private |
Encryption() |
Modifier and Type | Method and Description |
---|---|
static byte[] |
computeCryptoKeyHash(org.apache.hadoop.conf.Configuration conf,
byte[] arg)
Returns the hash of the supplied argument, using the hash algorithm specified in the given
config.
|
static void |
decrypt(byte[] dest,
int destOffset,
InputStream in,
int destSize,
Decryptor d)
Decrypt a block of ciphertext read in from a stream with the given cipher and context
|
static void |
decrypt(byte[] dest,
int destOffset,
InputStream in,
int destSize,
Encryption.Context context,
byte[] iv)
Decrypt a block of ciphertext from a stream given a context and IV
|
static void |
decrypt(OutputStream out,
InputStream in,
int outLen,
Decryptor d)
Decrypt a stream of ciphertext given a decryptor
|
static void |
decrypt(OutputStream out,
InputStream in,
int outLen,
Encryption.Context context,
byte[] iv)
Decrypt a stream of ciphertext given a context and IV
|
static void |
decryptWithSubjectKey(OutputStream out,
InputStream in,
int outLen,
String subject,
org.apache.hadoop.conf.Configuration conf,
Cipher cipher,
byte[] iv)
Decrypts a block of ciphertext with the symmetric key resolved for the given subject
|
static void |
encrypt(OutputStream out,
byte[] src,
int offset,
int length,
Encryption.Context context,
byte[] iv)
Encrypt a block of plaintext
|
static void |
encrypt(OutputStream out,
byte[] src,
int offset,
int length,
Encryptor e)
Encrypt a block of plaintext
|
static void |
encrypt(OutputStream out,
InputStream in,
Encryption.Context context,
byte[] iv)
Encrypt a stream of plaintext given a context and IV
|
static void |
encrypt(OutputStream out,
InputStream in,
Encryptor e)
Encrypt a stream of plaintext given an encryptor
|
static void |
encryptWithSubjectKey(OutputStream out,
InputStream in,
String subject,
org.apache.hadoop.conf.Configuration conf,
Cipher cipher,
byte[] iv)
Encrypts a block of plaintext with the symmetric key resolved for the given subject
|
static boolean |
failOnHashAlgorithmMismatch(org.apache.hadoop.conf.Configuration conf)
Returns the Hash Algorithm mismatch behaviour defined in the crypto configuration.
|
static byte[] |
generateSecretKey(org.apache.hadoop.conf.Configuration conf,
String cypherAlg,
byte[]... args)
Return a key derived from the concatenation of the supplied arguments using
PBKDF2WithHmacSHA384 key derivation algorithm at 10,000 iterations.
|
static byte[] |
generateSecretKey(org.apache.hadoop.conf.Configuration conf,
String cypherAlg,
String... args)
Return a key derived from the concatenation of the supplied arguments using
PBKDF2WithHmacSHA384 key derivation algorithm at 10,000 iterations.
|
private static byte[] |
generateSecretKey(String algorithm,
int keyLengthBytes,
char[] password)
Return a key (byte array) derived from the supplied password argument using the given algorithm
with a random salt at 10,000 iterations.
|
static Cipher |
getCipher(org.apache.hadoop.conf.Configuration conf,
String name)
Get a cipher given a name
|
static CipherProvider |
getCipherProvider(org.apache.hadoop.conf.Configuration conf) |
private static ClassLoader |
getClassLoaderForClass(Class<?> c) |
static String |
getConfiguredHashAlgorithm(org.apache.hadoop.conf.Configuration conf)
Returns the Hash Algorithm defined in the crypto configuration.
|
static KeyProvider |
getKeyProvider(org.apache.hadoop.conf.Configuration conf) |
static Key |
getSecretKeyForSubject(String subject,
org.apache.hadoop.conf.Configuration conf)
Resolves a key for the given subject. Returns a key for the given subject.
|
static String[] |
getSupportedCiphers()
Get names of supported encryption algorithms
|
static String[] |
getSupportedCiphers(org.apache.hadoop.conf.Configuration conf)
Get names of supported encryption algorithms
|
static byte[] |
hash128(byte[]... args)
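Return the MD5 digest of the concatenation of the supplied arguments. MD5 is not collision-resistant, so this digest is unsuitable wherever an attacker can influence the input; hash256 is the safer choice for security-relevant use.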
|
static byte[] |
hash128(String... args)
Return the MD5 digest of the concatenation of the supplied arguments.
|
static byte[] |
hash256(byte[]... args)
Return the SHA-256 digest of the concatenation of the supplied arguments.
|
static byte[] |
hash256(String... args)
Return the SHA-256 digest of the concatenation of the supplied arguments.
|
static byte[] |
hashWithAlg(String algorithm,
byte[]... args)
Return the hash of the concatenation of the supplied arguments, using the hash algorithm
provided.
|
static void |
incrementIv(byte[] iv) |
static void |
incrementIv(byte[] iv,
int v) |
static boolean |
isEncryptionEnabled(org.apache.hadoop.conf.Configuration conf)
Returns true if the column family encryption feature is enabled globally.
|
static Encryption.Context |
newContext() |
static Encryption.Context |
newContext(org.apache.hadoop.conf.Configuration conf) |
static byte[] |
pbkdf128(byte[]... args)
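Return a 128 bit key derived from the concatenation of the supplied arguments using
PBKDF2WithHmacSHA1 at 10,000 iterations. If the arguments are low-entropy (for example a human-chosen passphrase), note that 10,000 iterations is well below current guidance for PBKDF2.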
|
static byte[] |
pbkdf128(String... args)
Return a 128 bit key derived from the concatenation of the supplied arguments using
PBKDF2WithHmacSHA1 at 10,000 iterations.
|
private static final org.slf4j.Logger LOG
public static final String CRYPTO_ENABLED_CONF_KEY
public static final boolean CRYPTO_ENABLED_CONF_DEFAULT
public static final String CRYPTO_KEY_HASH_ALGORITHM_CONF_KEY
public static final String CRYPTO_KEY_HASH_ALGORITHM_CONF_DEFAULT
public static final String CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_KEY
public static final boolean CRYPTO_KEY_FAIL_ON_ALGORITHM_MISMATCH_CONF_DEFAULT
static final Map<Pair<String,String>,KeyProvider> keyProviderCache
private Encryption()
public static Encryption.Context newContext()
public static Encryption.Context newContext(org.apache.hadoop.conf.Configuration conf)
public static boolean isEncryptionEnabled(org.apache.hadoop.conf.Configuration conf)
public static Cipher getCipher(org.apache.hadoop.conf.Configuration conf, String name)
name - the cipher name
public static String[] getSupportedCiphers()
public static String[] getSupportedCiphers(org.apache.hadoop.conf.Configuration conf)
public static String getConfiguredHashAlgorithm(org.apache.hadoop.conf.Configuration conf)
public static boolean failOnHashAlgorithmMismatch(org.apache.hadoop.conf.Configuration conf)
public static byte[] computeCryptoKeyHash(org.apache.hadoop.conf.Configuration conf, byte[] arg)
public static byte[] hash128(String... args)
public static byte[] hash128(byte[]... args)
public static byte[] hash256(String... args)
public static byte[] hash256(byte[]... args)
public static byte[] pbkdf128(String... args)
public static byte[] pbkdf128(byte[]... args)
public static byte[] generateSecretKey(org.apache.hadoop.conf.Configuration conf, String cypherAlg, String... args)
public static byte[] generateSecretKey(org.apache.hadoop.conf.Configuration conf, String cypherAlg, byte[]... args)
private static byte[] generateSecretKey(String algorithm, int keyLengthBytes, char[] password)
algorithm - the secret key generation algorithm to use
keyLengthBytes - the length of the key to be derived (in bytes, not in bits)
password - char array to use as password for the key generation algorithm
public static void encrypt(OutputStream out, byte[] src, int offset, int length, Encryptor e) throws IOException
The encryptor's state will be finalized. It should be reinitialized or returned to the pool.
out - ciphertext
src - plaintext
IOException
public static void encrypt(OutputStream out, byte[] src, int offset, int length, Encryption.Context context, byte[] iv) throws IOException
out - ciphertext
src - plaintext
IOException
public static void encrypt(OutputStream out, InputStream in, Encryptor e) throws IOException
The encryptor's state will be finalized. It should be reinitialized or returned to the pool.
out - ciphertext
in - plaintext
IOException
public static void encrypt(OutputStream out, InputStream in, Encryption.Context context, byte[] iv) throws IOException
out - ciphertext
in - plaintext
IOException
public static void decrypt(byte[] dest, int destOffset, InputStream in, int destSize, Decryptor d) throws IOException
The decryptor's state will be finalized. It should be reinitialized or returned to the pool.
IOException
public static void decrypt(byte[] dest, int destOffset, InputStream in, int destSize, Encryption.Context context, byte[] iv) throws IOException
IOException
public static void decrypt(OutputStream out, InputStream in, int outLen, Decryptor d) throws IOException
IOException
public static void decrypt(OutputStream out, InputStream in, int outLen, Encryption.Context context, byte[] iv) throws IOException
IOException
public static Key getSecretKeyForSubject(String subject, org.apache.hadoop.conf.Configuration conf) throws IOException
IOException - if the key is not found
public static void encryptWithSubjectKey(OutputStream out, InputStream in, String subject, org.apache.hadoop.conf.Configuration conf, Cipher cipher, byte[] iv) throws IOException
out - ciphertext
in - plaintext
conf - configuration
cipher - the encryption algorithm
iv - the initialization vector, can be null
IOException
public static void decryptWithSubjectKey(OutputStream out, InputStream in, int outLen, String subject, org.apache.hadoop.conf.Configuration conf, Cipher cipher, byte[] iv) throws IOException
out - plaintext
in - ciphertext
outLen - the expected plaintext length
subject - the subject's key alias
conf - configuration
cipher - the encryption algorithm
iv - the initialization vector, can be null
IOException
private static ClassLoader getClassLoaderForClass(Class<?> c)
public static CipherProvider getCipherProvider(org.apache.hadoop.conf.Configuration conf)
public static KeyProvider getKeyProvider(org.apache.hadoop.conf.Configuration conf)
public static void incrementIv(byte[] iv)
public static void incrementIv(byte[] iv, int v)
public static byte[] hashWithAlg(String algorithm, byte[]... args)
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.