forked from docs/doc-exports
Yang, Tong
3f5759eed2
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
26 lines
5.6 KiB
HTML
26 lines
5.6 KiB
HTML
<a name="mrs_01_0954"></a><a name="mrs_01_0954"></a>
|
|
|
|
<h1 class="topictitle1">Using the Hive Column Encryption Function</h1>
|
|
<div id="body8662426"><div class="section" id="mrs_01_0954__en-us_topic_0000001173949230_s4baf5ef68c814051a43632bc511161e3"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_0954__en-us_topic_0000001173949230_a09f2959a7f424d39970eb32e52460f03">Hive supports encryption of one or more columns in a table. When creating a Hive table, you can specify the columns to be encrypted and encryption algorithm. When data is inserted into the table using the insert statement, the related columns are encrypted. Column encryption can be performed in HDFS tables of only the TextFile and SequenceFile file formats. Hive column encryption does not support the view and Hive over HBase scenarios.</p>
|
|
<p id="mrs_01_0954__en-us_topic_0000001173949230_a64024a17af7d4056a87386f85173ddce">Hive supports two column encryption algorithms, which can be specified during table creation:</p>
|
|
<ul id="mrs_01_0954__en-us_topic_0000001173949230_uf1d23f066f2a4384a2b94739bbfb4cd0"><li id="mrs_01_0954__en-us_topic_0000001173949230_l48b9f9abde4f4eec804aa359f6179f8f">AES (the encryption class is org.apache.hadoop.hive.serde2.AESRewriter)</li><li id="mrs_01_0954__en-us_topic_0000001173949230_l5ad45fa7ba914bb48a0f04a60074be8c">SMS4 (the encryption class is org.apache.hadoop.hive.serde2.SMS4Rewriter)</li></ul>
|
|
<div class="note" id="mrs_01_0954__en-us_topic_0000001173949230_na03bfe6abc9d4843ac084f0681dd548f"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_0954__en-us_topic_0000001173949230_ae7f6d8d965db41edb6ac4686318722a1"><em id="mrs_01_0954__en-us_topic_0000001173949230_a20d4416390d944f0b56ee42615faaaa1">When you import data from a common Hive table into a Hive column encryption table, you are advised to delete the original data from the common Hive table as long as doing this does not affect other services. The reason is that retaining an unencrypted table is a security risk.</em></p>
|
|
</div></div>
|
|
</div>
|
|
<div class="section" id="mrs_01_0954__en-us_topic_0000001173949230_sb27475c6a477408ca61f219629a7be9c"><h4 class="sectiontitle">Operation Procedure</h4><ol id="mrs_01_0954__en-us_topic_0000001173949230_ob609595e26674f7b94c1c4a67b2d3951"><li id="mrs_01_0954__en-us_topic_0000001173949230_lb613e6b6d545419daab773c43b23627d"><span>Specify the column to be encrypted and encryption algorithm when creating a table.</span><p><p class="litext" id="mrs_01_0954__en-us_topic_0000001173949230_ade7e5296d76a499aba447002f4d9548c"><strong id="mrs_01_0954__en-us_topic_0000001173949230_a8974a6ca37684f5899091403695b960d">create table<em id="mrs_01_0954__en-us_topic_0000001173949230_a4138b5483b58437aabc7022c43f6b590"><[db_name.]table_name> (<col_name1> <data_type> ,<col_name2> <data_type>,<col_name3> <data_type>,<col_name4> <data_type>)</em> ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe' WITH SERDEPROPERTIES ('column.encode.columns'='<em id="mrs_01_0954__en-us_topic_0000001173949230_a4a823248f71f47918c9c95b071f6ee0f"><col_name2>,<col_name3></em>', 'column.encode.classname'='org.apache.hadoop.hive.serde2.AESRewriter')STORED AS TEXTFILE;</strong></p>
|
|
<p class="litext" id="mrs_01_0954__en-us_topic_0000001173949230_a0f82280fc3fe42649e9bc3c7a43efe42">Alternatively, use the following statement:</p>
|
|
<p class="litext" id="mrs_01_0954__en-us_topic_0000001173949230_a4b25499d45a345d79d8bad7d646da62e"><strong id="mrs_01_0954__en-us_topic_0000001173949230_a275d91cd57824584897830779f34b1ce">create table <em id="mrs_01_0954__en-us_topic_0000001173949230_a7d7fe013b41745538499e2588e01cebb"><[db_name.]table_name> (<col_name1> <data_type> ,<col_name2> <data_type>,<col_name3> <data_type>,<col_name4> <data_type>)</em> ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe' WITH SERDEPROPERTIES ('column.encode.indices'='1,2', 'column.encode.classname'='org.apache.hadoop.hive.serde2.SMS4Rewriter') STORED AS TEXTFILE;</strong></p>
|
|
<div class="note" id="mrs_01_0954__en-us_topic_0000001173949230_n72ac897a68dd4a4e9fcef94d69429f69"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_0954__en-us_topic_0000001173949230_ul243571921606"><li class="text" id="mrs_01_0954__en-us_topic_0000001173949230_li576461791606">The numbers used to specify encryption columns start from 0. 0 indicates column 1, 1 indicates column 2, and so on.</li><li id="mrs_01_0954__en-us_topic_0000001173949230_li199360711609">When creating a table with encrypted columns, ensure that the directory where the table resides is empty.</li></ul>
|
|
</div></div>
|
|
</p></li><li id="mrs_01_0954__en-us_topic_0000001173949230_ldbe95513dd314241890a2bd73da41fca"><span>Insert data into the table using the insert statement.</span><p><p id="mrs_01_0954__en-us_topic_0000001173949230_a725a6f1e75fc4e36806a3a666bb0ab57">Assume that the test table exists and contains data.</p>
|
|
<p id="mrs_01_0954__en-us_topic_0000001173949230_a0124a436fa8445e79899344f069b1269"><strong id="mrs_01_0954__en-us_topic_0000001173949230_a6ad300adb78846829daf6391d50945be">insert into table <em id="mrs_01_0954__en-us_topic_0000001173949230_ace54071b6dee43c7b34cd6c70b6a9840"><table_name></em> select <em id="mrs_01_0954__en-us_topic_0000001173949230_a5af9e428e3064c129172656151075969"><col_list></em> from test;</strong></p>
|
|
</p></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0581.html">Using Hive</a></div>
|
|
</div>
|
|
</div>
|
|
|