KeyProviderCryptoExtension.CryptoExtension (Apache Hadoop Common 2.6.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.crypto.key
Interface KeyProviderCryptoExtension.CryptoExtension

All Superinterfaces:: KeyProviderExtension.Extension

Enclosing class:: org.apache.hadoop.crypto.key.KeyProviderCryptoExtension

public static interface KeyProviderCryptoExtension.CryptoExtension
extends KeyProviderExtension.Extension
extends KeyProviderExtension.Extension

CryptoExtension is a type of Extension that exposes methods to generate EncryptedKeys and to decrypt the same.

Method Summary
`KeyProvider.KeyVersion`	`decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)` Decrypts an encrypted byte[] key material using the given a key version name and initialization vector.
`void`	`drain(String keyName)` Drains the Queue for the provided key.
`KeyProviderCryptoExtension.EncryptedKeyVersion`	`generateEncryptedKey(String encryptionKeyName)` Generates a key material and encrypts it using the given key version name and initialization vector.
`void`	`warmUpEncryptedKeys(String... keyNames)` Calls to this method allows the underlying KeyProvider to warm-up any implementation specific caches used to store the Encrypted Keys.

Method Detail

warmUpEncryptedKeys

void warmUpEncryptedKeys(String... keyNames)
                         throws IOException

Calls to this method allows the underlying KeyProvider to warm-up any implementation specific caches used to store the Encrypted Keys.

Parameters:: keyNames - Array of Key Names
Throws:: IOException

drain

void drain(String keyName)

Drains the Queue for the provided key.

Parameters:: keyName - the key to drain the Queue for

generateEncryptedKey

KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(String encryptionKeyName)
                                                                    throws IOException,
                                                                           GeneralSecurityException

Generates a key material and encrypts it using the given key version name and initialization vector. The generated key material is of the same length as the KeyVersion material of the latest key version of the key and is encrypted using the same cipher.

NOTE: The generated key is not stored by the KeyProvider

Parameters:: encryptionKeyName - The latest KeyVersion of this key's material will be encrypted.
Returns:: EncryptedKeyVersion with the generated key material, the version name is 'EEK' (for Encrypted Encryption Key)
Throws:: IOException - thrown if the key material could not be generated; GeneralSecurityException - thrown if the key material could not be encrypted because of a cryptographic issue.

decryptEncryptedKey

KeyProvider.KeyVersion decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion)
                                           throws IOException,
                                                  GeneralSecurityException

Decrypts an encrypted byte[] key material using the given a key version name and initialization vector.

Parameters:: encryptedKeyVersion - contains keyVersionName and IV to decrypt the encrypted key material
Returns:: a KeyVersion with the decrypted key material, the version name is 'EK' (For Encryption Key)
Throws:: IOException - thrown if the key material could not be decrypted; GeneralSecurityException - thrown if the key material could not be decrypted because of a cryptographic issue.