Troubleshooting encryption key errors
Failed to initialize Encryptor
When creating or altering a table to use a local key, the commands fails. For example, creating a test table with LZ compression and encryption:
CREATE TABLE test.encryption_test (a int primary key) WITH COMPRESSION = {
'class': 'EncryptingLZ4Compressor',
'cipher_algorithm' : 'AES/ECB/PKCS5Padding',
'secret_key_strength' : 256,
'system_key_file' : 'AES-256' };
The following error occurs:
ConfigurationException: EncryptingLZ4Compressor.create() threw an error: java.lang.RuntimeException Failed to initialize Encryptor
Solution
-
Verify that the account running the DSE database is the owner of the encryption key file on the local system:
ls -l /etc/dse/conf
In this case, the account dse only has read/write access to the system_key file.
total 8 -rw------- 1 joe joe 70 Aug 8 15:48 AES-256 -rwx------ 1 joe joe 50 Aug 2 15:06 system_key
-
Change the ownership of the file to the DSE user, and ensure that the file has read/write permissions.
chown cassandra /etc/dse/conf/system_key
-
Rerun the CQL command.