Troubleshooting encryption key errors

Failed to initialize Encryptor

When creating or altering a table to use a local key, the commands fails. For example, creating a test table with LZ compression and encryption:

CREATE TABLE test.encryption_test (a int primary key) WITH COMPRESSION = {
      'class': 'EncryptingLZ4Compressor', 
      'cipher_algorithm' : 'AES/ECB/PKCS5Padding', 
      'secret_key_strength' : 256,
      'system_key_file' : 'AES-256' };
The following error occurs:
ConfigurationException: EncryptingLZ4Compressor.create() threw an error: java.lang.RuntimeException Failed to initialize Encryptor

Solution

  1. Verify that the account running the DSE database is the owner of the encryption key file on the local system:
    ls -l /etc/dse/conf
    In this case, the account dse only has read/write access to the system_key file.
    total 8
    -rw------- 1 joe joe 70 Aug  8 15:48 AES-256
    -rwx------ 1 joe joe 50 Aug  2 15:06 system_key
  2. Change the ownership of the file to the DSE user, and ensure that the file has read/write permissions.
    chown cassandra /etc/dse/conf/system_key
  3. Rerun the CQL command.