From 827d2015c4a8145ca470f0e505985a462d9318b1 Mon Sep 17 00:00:00 2001
From: Wei-Chiu Chuang <weichiu@apache.org>
Date: Tue, 27 Mar 2018 13:33:41 -0700
Subject: [PATCH] HADOOP-15312. Undocumented KeyProvider configuration keys.
 Contributed by LiXin Ge.

(cherry picked from commit 3fe41c65d84843f817a4f9ef8999dbf862db6674)
(cherry picked from commit 1176a128d632925749db0a81a719fd8141c3cbb6)
(cherry picked from commit c6939e933055cbe08c4d4f0a5d4bac152c953e35)
---
 .../src/main/resources/core-default.xml       | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
index f18bc9a919c..134e0332375 100644
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -2464,6 +2464,25 @@
   </description>
 </property>
 
+<property>
+  <name>hadoop.security.key.default.bitlength</name>
+  <value>128</value>
+  <description>
+    The length (bits) of keys we want the KeyProvider to produce. Key length
+    defines the upper-bound on an algorithm's security, ideally, it would
+    coincide with the lower-bound on an algorithm's security.
+  </description>
+</property>
+
+<property>
+  <name>hadoop.security.key.default.cipher</name>
+  <value>AES/CTR/NoPadding</value>
+  <description>
+    This indicates the algorithm that be used by KeyProvider for generating
+    key, and will be converted to CipherSuite when creating encryption zone.
+  </description>
+</property>
+
 <property>
   <name>fs.har.impl.disable.cache</name>
   <value>true</value>