[jira] [Updated] (HIVE-7934) Improve column level encryption with key management

Mon, 01 Sep 2014 20:15:35 -0700 

     [ 
https://issues.apache.org/jira/browse/HIVE-7934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiaomeng Huang updated HIVE-7934:
---------------------------------
    Description: 
Now HIVE-6329 is a framework of column level encryption/decryption. But the 
implementation in HIVE-6329 is just use Base64, it is not safe and have some 
problems.
Base64WriteOnly can just get the ciphertext from client for any users. And 
Base64Rewriter can just get plaintext from client for any users.
I have an improvement based HIVE-7934 using key management.
{code}
-- region-aes-column.q
set hive.encrypt.key=123456789;
set hive.encrypt.iv=123456; 
drop table region_aes_column;
create table region_aes_column (r_regionkey int, r_name string) ROW FORMAT 
SERDE 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe'
  WITH SERDEPROPERTIES ('column.encode.columns'='r_name', 
'column.encode.classname'='org.apache.hadoop.hive.serde2.aes.AESRewriter', 
'column.encode.key'='123456789', 'column.encode.iv'='123456') 
  STORED AS TEXTFILE;
insert overwrite table region_aes_column 
select 
  r_regionkey, r_name
from region;

hive> select * from region_aes_column;
OK
0       /q5RTO1X
1       /qVGV+dV3g==
2       /rtKRA==
3       +r1RSv5T
4       8qFHQeJTvxWUadw=
Time taken: 0.666 seconds, Fetched: 5 row(s)

hive> set hive.encrypt.key=123456789;
hive> set hive.encrypt.iv=123456;
hive> select * from region_aes_column;
OK
0       AFRICA
1       AMERICA
2       ASIA
3       EUROPE
4       MIDDLE EAST
Time taken: 0.714 seconds, Fetched: 5 row(s)
{code}

  was:Now 


> Improve column level encryption with key management
> ---------------------------------------------------
>
>                 Key: HIVE-7934
>                 URL: https://issues.apache.org/jira/browse/HIVE-7934
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>            Priority: Minor
>
> Now HIVE-6329 is a framework of column level encryption/decryption. But the 
> implementation in HIVE-6329 is just use Base64, it is not safe and have some 
> problems.
> Base64WriteOnly can just get the ciphertext from client for any users. And 
> Base64Rewriter can just get plaintext from client for any users.
> I have an improvement based HIVE-7934 using key management.
> {code}
> -- region-aes-column.q
> set hive.encrypt.key=123456789;
> set hive.encrypt.iv=123456; 
> drop table region_aes_column;
> create table region_aes_column (r_regionkey int, r_name string) ROW FORMAT 
> SERDE 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe'
>   WITH SERDEPROPERTIES ('column.encode.columns'='r_name', 
> 'column.encode.classname'='org.apache.hadoop.hive.serde2.aes.AESRewriter', 
> 'column.encode.key'='123456789', 'column.encode.iv'='123456') 
>   STORED AS TEXTFILE;
> insert overwrite table region_aes_column 
> select 
>   r_regionkey, r_name
> from region;
> hive> select * from region_aes_column;
> OK
> 0     /q5RTO1X
> 1     /qVGV+dV3g==
> 2     /rtKRA==
> 3     +r1RSv5T
> 4     8qFHQeJTvxWUadw=
> Time taken: 0.666 seconds, Fetched: 5 row(s)
> hive> set hive.encrypt.key=123456789;
> hive> set hive.encrypt.iv=123456;
> hive> select * from region_aes_column;
> OK
> 0     AFRICA
> 1     AMERICA
> 2     ASIA
> 3     EUROPE
> 4     MIDDLE EAST
> Time taken: 0.714 seconds, Fetched: 5 row(s)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to