Support Questions

nlam · ‎09-18-2018

The HBase Book says this about enabling wire-encryption in HBase:

Once HBase is configured for secure RPC it is possible to optionally configure encrypted communication. To do so, add the following to the hbase-site.xml file on every client:

<property>
  <name>hbase.rpc.protection</name>
  <value>privacy</value>
</property>

What is/are the encryption algorithm(s) used when HBase wire-encryption is enabled?

nlam · ‎10-01-2018

HBase, like Hadoop, uses the Simple Authentication and Security Layer (SASL) framework implementation in the Java SE libraries to provide authentication and message integrity and privacy services.

When a cluster is secured with Kerberos and hbase.rpc.protection=privacy, SASL uses the GSS-API (Java-GSS) framework to initiate Kerberos authentication between client and server, which results in the sharing of a (symmetric) cryptographic key between client and (Region) server which can be used for message (HBase payload) encryption.

With the JCE libraries installed, the cipher/encryption type used should default to aes256-cts-hmac-sha1-96.

Cloudera Community

Support Questions

What is the wire encryption used by HBase when hbase.rpc.protection is set to privacy?

Rest call to ranger on wire encrypted cluster

SSL configuration for Distcp accross the cluster i...

HBase end-to-end over the wire encryption

Cache it all! Enhancing HBase Cache for optimal pe...

Import CSV data into HBase using importtsv

performance impact of wire encryption and TDE?

Confusion in documentation : Configuring Spark for...

Data Integrity check using Spark JDBC with Encrypt...

Encryption mechanism in NiFi 2.0

Connect to Phoenix-HBase using DBVisualizer