Troubleshooting encryption key errors
Failed to initialize Encryptor
When creating or altering a table to use a local key, the commands fails. For example, creating a test table with LZ compression and encryption:
CREATE TABLE test.encryption_test (a int primary key) WITH COMPRESSION = { 'class': 'EncryptingLZ4Compressor', 'cipher_algorithm' : 'AES/ECB/PKCS5Padding', 'secret_key_strength' : 256, 'system_key_file' : 'AES-256' };The following error occurs:
ConfigurationException: EncryptingLZ4Compressor.create() threw an error: java.lang.RuntimeException Failed to initialize Encryptor
Solution
- Verify that the account running the DSE database is the owner of the encryption key file
on the local system:
ls -l /etc/dse/conf
In this case, the account dse only has read/write access to the system_key file.total 8 -rw------- 1 joe joe 70 Aug 8 15:48 AES-256 -rwx------ 1 joe joe 50 Aug 2 15:06 system_key
- Change the ownership of the file to the DSE user, and ensure that the file has
read/write
permissions.
chown cassandra /etc/dse/conf/system_key
- Rerun the CQL command.