Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-25263

Change encryption key generation algorithm used in the HBase shell

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-alpha-1, 2.4.0
    • encryption, shell
    • None
    • Hide
      Since the backward-compatible change we introduced in HBASE-25263, we use the more secure PBKDF2WithHmacSHA384 key generation algorithm (instead of PBKDF2WithHmacSHA1) to generate a secret key for HFile / WalFile encryption, when the user is defining a string encryption key in the hbase shell.
      Show
      Since the backward-compatible change we introduced in HBASE-25263 , we use the more secure PBKDF2WithHmacSHA384 key generation algorithm (instead of PBKDF2WithHmacSHA1) to generate a secret key for HFile / WalFile encryption, when the user is defining a string encryption key in the hbase shell.

    Description

      This PR is a follow-up of HBASE-25181 (#2539), where several issues were discussed on the PR:

      1. Currently we use PBKDF2WithHmacSHA1 key generation algorithm to generate a secret key for HFile / WalFile encryption, when the user is defining a string encryption key in the hbase shell. This algorithm is not secure enough and not allowed in certain environments (e.g. on FIPS compliant clusters). We are changing it to PBKDF2WithHmacSHA384. It will not break backward-compatibility, as even the tables created by the shell using the new algorithm will be able to load (e.g. during bulkload / replication) the HFiles serialized with the key generated by an old algorithm, as the HFiles themselves already contain the key necessary for their decryption.

      Smaller issues to be fixed:

      2. Improve the documentation e.g. with the changes introduced by HBASE-25181 and also by some points discussed on the Jira ticket of HBASE-25263.

      3. In EncryptionUtil.createEncryptionContext the various encryption config checks should throw IllegalStateExceptions instead of RuntimeExceptions.

      4. Test cases in TestEncryptionTest.java should be broken down into smaller tests.

      5. TestEncryptionDisabled.java should use ExpectedException JUnit rule to validate exceptions.

      Attachments

        Issue Links

          relates to

          Sub-task - The sub-task of the issue HBASE-25304 Support AES-192 and AES-256 in DefaultCipherProvider

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-25181 Add options for disabling column family encryption and choosing hash algorithm for wrapped encryption keys.

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-10951 Use PBKDF2 to generate test encryption keys in the shell

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          links to

          Web Link GitHub Pull Request #2676

          Activity

            People

              symat Mate Szalay-Beko
              symat Mate Szalay-Beko
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: