Table Encryption Options and Syntax
When a table definition uses an encryption class, all table data except for primary keys is encrypted with a key entry from the dse_system.encrypted_keys table.
If no keys match the cipher_algorithm, secret_key_strength, and system_key_file settings, a new key is created and added to the table.
|
The following syntax only shows encryption options.
All other compression options, such as |
Syntax
COMPRESSION = {
'class' : '<encryption_class>'[,
'cipher_algorithm' : '<cipher_algorithm_type>'] [,
'secret_key_strength' : <length>] [,
'system_key_file': '<key_filename>'] };Options
-
encryption_classSpecifies the encryption type. Use one of the class names from the following table. (Required)
Name Encrypts Compresses Encryptor [1]
Yes
No
EncryptingLZ4Compressor
Yes
Yes
EncryptingDeflateCompressor
Yes
Yes
EncryptingSnappyCompressor
Yes
Yes
[1] When using the Encryptor class, specify a larger young generation heap (the
-Xmnparameter) to improve garbage collection (GC). For example, set the size to:-Xmn1600Mwhen runningcassandra-stress.cipher_algorithm_type-
Sets the type of encryption key. DSE supports the following JCE algorithms and corresponding
length.
-
cipher_algorithm[/mode/padding]
DSE supports the following
JCEcipher algorithms:-
AES/CBC/PKCS5Padding (valid with length 128, 192, or 256).
-
AES/ECB/PKCS5Padding (valid with length 128, 192, or 256)
-
DES/CBC/PKCS5Padding (valid with length 56)
-
DESede/CBC/PKCS5Padding (valid with length 112 or 168)
-
Blowfish/CBC/PKCS5Padding (valid with length 32-448)
-
RC2/CBC/PKCS5Padding (valid with length 40-128) Default value:
AES/CBC/PKCS5Padding(with length 128).length-
Specifies the length of the encryption key.
Default:
128. (Optional) key_filename-
Specifies the file name of the local encryption key used to encrypt the table key. Local keys are specified in
system_key_directory.Default:
system_key. (Optional)
-
