Class CryptoCodec

java.lang.Object
org.apache.hadoop.crypto.CryptoCodec
All Implemented Interfaces:
Closeable, AutoCloseable, Configurable
Direct Known Subclasses:
JceCtrCryptoCodec, OpensslCtrCryptoCodec

@Private @Evolving public abstract class CryptoCodec extends Object implements Configurable, Closeable
Crypto codec class, encapsulates encryptor/decryptor pair.
  • Field Details

    • LOG

      public static org.slf4j.Logger LOG
  • Constructor Details

    • CryptoCodec

      public CryptoCodec()
  • Method Details

    • getInstance

      public static CryptoCodec getInstance(Configuration conf, CipherSuite cipherSuite)
      Get crypto codec for specified algorithm/mode/padding.
      Parameters:
      conf - the configuration
      cipherSuite - algorithm/mode/padding
      Returns:
      CryptoCodec the codec object. Null is returned if no crypto codec classes are configured for the cipher suite.
    • getInstance

      public static CryptoCodec getInstance(Configuration conf)
      Get crypto codec for the algorithm/mode/padding in config value hadoop.security.crypto.cipher.suite.
      Parameters:
      conf - the configuration
      Returns:
      CryptoCodec the codec object. Null is returned if no crypto codec classes are configured for the cipher suite.
    • getCipherSuite

      public abstract CipherSuite getCipherSuite()
      Returns:
      the CipherSuite for this codec.
    • createEncryptor

      public abstract Encryptor createEncryptor() throws GeneralSecurityException
      Create an Encryptor.
      Returns:
      Encryptor the encryptor.
      Throws:
      GeneralSecurityException - thrown if an error occurs while creating the encryptor.
    • createDecryptor

      public abstract Decryptor createDecryptor() throws GeneralSecurityException
      Create a Decryptor.
      Returns:
      Decryptor the decryptor.
      Throws:
      GeneralSecurityException - thrown if an error occurs while creating the decryptor.
    • calculateIV

      public abstract void calculateIV(byte[] initIV, long counter, byte[] IV)
      This interface is only for Counter (CTR) mode. Generally the Encryptor or Decryptor calculates the IV and maintains the encryption context internally. For example, a Cipher maintains its encryption context internally when we encrypt or decrypt using the Cipher#update interface.

      Encryption/Decryption is not always on the entire file. For example, in Hadoop, a node may only decrypt a portion of a file (i.e. a split). In these situations, the counter is derived from the file position.

      The IV can be calculated by combining the initial IV and the counter with a lossless operation (concatenation, addition, or XOR). See http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_.28CTR.29

      Parameters:
      initIV - initial IV
      counter - counter for input stream position
      IV - the IV for input stream position
    • generateSecureRandom

      public abstract void generateSecureRandom(byte[] bytes)
      Generate a number of secure, random bytes suitable for cryptographic use. This method needs to be thread-safe.
      Parameters:
      bytes - byte array to populate with random data
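
The position-derived IV described under calculateIV, as an added example that is not Hadoop's own code: it combines the initial IV and the counter by addition (one of the operations named above) and uses the JDK's AES/CTR/NoPadding cipher to decrypt a split that starts in the middle of a block. The class name CtrSeekExample, the helper decryptAt, the 16-byte key and the sample data are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class CtrSeekExample {
    static final int BLOCK = 16; // AES block size in bytes
    // IV = initIV + counter, as a 128-bit big-endian addition with carry.
    static void calculateIV(byte[] initIV, long counter, byte[] iv) {
        int carry = 0;
        for (int i = BLOCK - 1, n = 0; i >= 0; i--, n++) {
            int sum = (initIV[i] & 0xff) + carry;
            if (n < Long.BYTES) {              // the low 8 bytes receive the counter
                sum += (int) (counter & 0xff);
                counter >>>= 8;
            }
            iv[i] = (byte) sum;
            carry = sum >>> 8;                 // carry propagates into the upper bytes
        }
    }

    // Decrypt ciphertext that starts at byte offset pos of the encrypted stream.
    static byte[] decryptAt(byte[] key, byte[] initIV, long pos, byte[] ct) throws Exception {
        byte[] iv = new byte[BLOCK];
        calculateIV(initIV, pos / BLOCK, iv);  // counter = index of the block holding pos
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        int skip = (int) (pos % BLOCK);        // offset of pos inside that block
        byte[] padded = new byte[skip + ct.length];
        System.arraycopy(ct, 0, padded, skip, ct.length);
        byte[] out = c.doFinal(padded);        // first `skip` bytes only consume keystream
        return Arrays.copyOfRange(out, skip, out.length);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[16], initIV = new byte[BLOCK], plain = new byte[1000];
        rng.nextBytes(key); rng.nextBytes(initIV); rng.nextBytes(plain); // constructed sample data
        Arrays.fill(initIV, 8, 16, (byte) 0xff); // force a carry out of the low 8 bytes
        Cipher enc = Cipher.getInstance("AES/CTR/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(initIV));
        byte[] ct = enc.doFinal(plain);          // the whole "file", encrypted from position 0
        long pos = 389;                          // split start, not block aligned
        byte[] part = decryptAt(key, initIV, pos, Arrays.copyOfRange(ct, (int) pos, 600));
        if (!Arrays.equals(part, Arrays.copyOfRange(plain, (int) pos, 600))) throw new AssertionError("split mismatch");
        System.out.println("bytes 389..599 decrypted without reading the rest of the stream");
    }
}
```

Because the counter is simply the block index of the stream position, two streams encrypted under the same key and the same initial IV share a keystream; each stream needs its own initial IV.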