451a4b06b1
This PR is a follow-up of HBASE-25181 (#2539), where several issues were discussed on the PR: 1. Currently we use PBKDF2WithHmacSHA1 key generation algorithm to generate a secret key for HFile / WalFile encryption, when the user is defining a string encryption key in the hbase shell. This algorithm is not secure enough and not allowed in certain environments (e.g. on FIPS compliant clusters). We are changing it to PBKDF2WithHmacSHA384. It will not break backward-compatibility, as even the tables created by the shell using the new algorithm will be able to load (e.g. during bulkload / replication) the HFiles serialized with the key generated by an old algorithm, as the HFiles themselves already contain the key necessary for their decryption. Smaller issues fixed by this commit: 2. Improve the documentation e.g. with the changes introduced by HBASE-25181 and also by some points discussed on the Jira ticket of HBASE-25263. 3. In EncryptionUtil.createEncryptionContext the various encryption config checks should throw IllegalStateExceptions instead of RuntimeExceptions. 4. Test cases in TestEncryptionTest.java should be broken down into smaller tests. 5. TestEncryptionDisabled.java should use ExpectedException JUnit rule to validate exceptions. closes #2676 Signed-off-by: Peter Somogyi <psomogyi@apache.org> |
||
|---|---|---|
| .idea | ||
| bin | ||
| conf | ||
| dev-support | ||
| hbase-annotations | ||
| hbase-archetypes | ||
| hbase-assembly | ||
| hbase-asyncfs | ||
| hbase-backup | ||
| hbase-balancer | ||
| hbase-build-configuration | ||
| hbase-checkstyle | ||
| hbase-client | ||
| hbase-common | ||
| hbase-endpoint | ||
| hbase-examples | ||
| hbase-external-blockcache | ||
| hbase-hadoop-compat | ||
| hbase-hbtop | ||
| hbase-http | ||
| hbase-it | ||
| hbase-logging | ||
| hbase-mapreduce | ||
| hbase-metrics | ||
| hbase-metrics-api | ||
| hbase-procedure | ||
| hbase-protocol-shaded | ||
| hbase-replication | ||
| hbase-resource-bundle | ||
| hbase-rest | ||
| hbase-server | ||
| hbase-shaded | ||
| hbase-shell | ||
| hbase-testing-util | ||
| hbase-thrift | ||
| hbase-zookeeper | ||
| src | ||
| .asf.yaml | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .pylintrc | ||
| .rubocop.yml | ||
| CHANGES.txt | ||
| LICENSE.txt | ||
| NOTICE.txt | ||
| README.txt | ||
| pom.xml | ||
README.txt
Apache HBase [1] is an open-source, distributed, versioned, column-oriented store modeled after Google' Bigtable: A Distributed Storage System for Structured Data by Chang et al.[2] Just as Bigtable leverages the distributed data storage provided by the Google File System, HBase provides Bigtable-like capabilities on top of Apache Hadoop [3]. To get started using HBase, the full documentation for this release can be found under the doc/ directory that accompanies this README. Using a browser, open the docs/index.html to view the project home page (or browse to [1]). The hbase 'book' at http://hbase.apache.org/book.html has a 'quick start' section and is where you should being your exploration of the hbase project. The latest HBase can be downloaded from an Apache Mirror [4]. The source code can be found at [5] The HBase issue tracker is at [6] Apache HBase is made available under the Apache License, version 2.0 [7] The HBase mailing lists and archives are listed here [8]. The HBase distribution includes cryptographic software. See the export control notice here [9]. 1. http://hbase.apache.org 2. http://research.google.com/archive/bigtable.html 3. http://hadoop.apache.org 4. http://www.apache.org/dyn/closer.lua/hbase/ 5. https://hbase.apache.org/source-repository.html 6. https://hbase.apache.org/issue-tracking.html 7. http://hbase.apache.org/license.html 8. http://hbase.apache.org/mail-lists.html 9. https://hbase.apache.org/export_control.html