KeyProviderCryptoExtension.EncryptedKeyVersion (Apache Hadoop Common 2.6.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.crypto.key
Class KeyProviderCryptoExtension.EncryptedKeyVersion

java.lang.Object
  org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion

Direct Known Subclasses:: KMSClientProvider.KMSEncryptedKeyVersion

Enclosing class:: org.apache.hadoop.crypto.key.KeyProviderCryptoExtension

public static class KeyProviderCryptoExtension.EncryptedKeyVersion
extends Object
extends Object

An encrypted encryption key (EEK) and related information. An EEK must be decrypted using the key's encryption key before it can be used.

Constructor Summary
`protected`	`KeyProviderCryptoExtension.EncryptedKeyVersion(String keyName, String encryptionKeyVersionName, byte[] encryptedKeyIv, KeyProvider.KeyVersion encryptedKeyVersion)` Create a new EncryptedKeyVersion.

Method Summary
`static KeyProviderCryptoExtension.EncryptedKeyVersion`	`createForDecryption(String keyName, String encryptionKeyVersionName, byte[] encryptedKeyIv, byte[] encryptedKeyMaterial)` Factory method to create a new EncryptedKeyVersion that can then be passed into `KeyProviderCryptoExtension.decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion)`.
`protected static byte[]`	`deriveIV(byte[] encryptedKeyIV)` Derive the initialization vector (IV) for the encryption key from the IV of the encrypted key.
`byte[]`	`getEncryptedKeyIv()`
`KeyProvider.KeyVersion`	`getEncryptedKeyVersion()`
`String`	`getEncryptionKeyName()`
`String`	`getEncryptionKeyVersionName()`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

KeyProviderCryptoExtension.EncryptedKeyVersion

protected KeyProviderCryptoExtension.EncryptedKeyVersion(String keyName,
                                                         String encryptionKeyVersionName,
                                                         byte[] encryptedKeyIv,
                                                         KeyProvider.KeyVersion encryptedKeyVersion)

Create a new EncryptedKeyVersion.

Parameters:: keyName - Name of the encryption key used to encrypt the encrypted key.; encryptionKeyVersionName - Version name of the encryption key used to encrypt the encrypted key.; encryptedKeyIv - Initialization vector of the encrypted key. The IV of the encryption key used to encrypt the encrypted key is derived from this IV.; encryptedKeyVersion - The encrypted encryption key version.

Method Detail

createForDecryption

public static KeyProviderCryptoExtension.EncryptedKeyVersion createForDecryption(String keyName,
                                                                                 String encryptionKeyVersionName,
                                                                                 byte[] encryptedKeyIv,
                                                                                 byte[] encryptedKeyMaterial)

Factory method to create a new EncryptedKeyVersion that can then be passed into

KeyProviderCryptoExtension.decryptEncryptedKey(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion)

. Note that the fields of the returned EncryptedKeyVersion will only partially be populated; it is not necessarily suitable for operations besides decryption.

Parameters:: keyName - Key name of the encryption key use to encrypt the encrypted key.; encryptionKeyVersionName - Version name of the encryption key used to encrypt the encrypted key.; encryptedKeyIv - Initialization vector of the encrypted key. The IV of the encryption key used to encrypt the encrypted key is derived from this IV.; encryptedKeyMaterial - Key material of the encrypted key.
Returns:: EncryptedKeyVersion suitable for decryption.

getEncryptionKeyName

public String getEncryptionKeyName()

Returns:: Name of the encryption key used to encrypt the encrypted key.

getEncryptionKeyVersionName

public String getEncryptionKeyVersionName()

Returns:: Version name of the encryption key used to encrypt the encrypted key.

getEncryptedKeyIv

public byte[] getEncryptedKeyIv()

Returns:: Initialization vector of the encrypted key. The IV of the encryption key used to encrypt the encrypted key is derived from this IV.

getEncryptedKeyVersion

public KeyProvider.KeyVersion getEncryptedKeyVersion()

Returns:: The encrypted encryption key version.

deriveIV

protected static byte[] deriveIV(byte[] encryptedKeyIV)

Derive the initialization vector (IV) for the encryption key from the IV of the encrypted key. This derived IV is used with the encryption key to decrypt the encrypted key.

The alternative to this is using the same IV for both the encryption key and the encrypted key. Even a simple symmetric transformation like this improves security by avoiding IV re-use. IVs will also be fairly unique among different EEKs.

Parameters:: encryptedKeyIV - of the encrypted key (i.e. getEncryptedKeyIv())
Returns:: IV for the encryption key