HBase, like Hadoop, uses the Simple Authentication and Security Layer (SASL) framework implementation in the
Java SE libraries to provide authentication and message integrity and privacy services.
When a cluster is secured with Kerberos and
hbase.rpc.protection=privacy, SASL uses the GSS-API (Java-GSS) framework to initiate
Kerberos authentication between client and server, which results in the sharing of a (symmetric) cryptographic key between client and (Region) server which can be used for message (HBase payload) encryption.
With the JCE libraries installed, the cipher/encryption type used should default to