Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

What is the wire encryption used by HBase when hbase.rpc.protection is set to privacy?

avatar
Rising Star

The HBase Book says this about enabling wire-encryption in HBase:

Once HBase is configured for secure RPC it is possible to optionally configure encrypted communication. To do so, add the following to the hbase-site.xml file on every client:

<property>
  <name>hbase.rpc.protection</name>
  <value>privacy</value>
</property>

What is/are the encryption algorithm(s) used when HBase wire-encryption is enabled?

1 REPLY 1

avatar
Rising Star

HBase, like Hadoop, uses the Simple Authentication and Security Layer (SASL) framework implementation in the Java SE libraries to provide authentication and message integrity and privacy services.

When a cluster is secured with Kerberos and hbase.rpc.protection=privacy, SASL uses the GSS-API (Java-GSS) framework to initiate Kerberos authentication between client and server, which results in the sharing of a (symmetric) cryptographic key between client and (Region) server which can be used for message (HBase payload) encryption.

With the JCE libraries installed, the cipher/encryption type used should default to aes256-cts-hmac-sha1-96.