Troubleshooting encryption key errors

Failed to initialize Encryptor

When creating or altering a table to use a local key, the commands fails. For example, creating a test table with LZ compression and encryption:

CREATE TABLE test.encryption_test (a int primary key) WITH compression = {'sstable_compression': 'EncryptingLZ4Compressor', 'cipher_algorithm' : 'AES/ECB/PKCS5Padding', 'secret_key_strength' : 256, 'system_key_file' : 'AES-256'};
The following error occurs:
ConfigurationException: EncryptingLZ4Compressor.create() threw an error: java.lang.RuntimeException Failed to initialize Encryptor

Solution

  1. Verify that the account running the DSE database is the owner of the encryption key file on the local system:
    ls -l /etc/dse/conf
    In this case, the account dse only has read/write access to the system_key file.
    total 8
    -rw------- 1 joe joe 70 Aug  8 15:48 AES-256
    -rwx------ 1 joe joe 50 Aug  2 15:06 system_key
  2. Change the ownership of the file to dse and ensure that it has read/write permissions.
  3. Rerun the CQL command.