We create cluster according to https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-gs.html, security configuration Settings for the custom key provider of S3 client encryption, create failure, error message: On the master instance a9d3744f2ae645 (I - 051), Failed to execute the custom EncryptionMaterialProvider: Algorithm AES is not supported.
Custom key provider of Java classes is simpler, as follows:
Public class MyEncryptionMaterialsProviders extends EncryptionMaterialsProvider {
Private EncryptionMaterials EncryptionMaterials;
Private byte [] keyBytes={
(byte) 0 x5d, xd1 (byte) 0, 0 xde (byte), (byte) x34 0, 0 x08 (byte), (byte) 0 x89, x7e (byte) 0, 0 xa9 (byte),
(byte) 0 x9a, (byte) 0 XBF, x61 (byte) 0, 0 xe7 (byte), x76 (byte) 0, 0 x32 (byte), (byte) 0 x2f, (byte) 0 xaa,
Xd7 (byte) 0, 0 x4f (byte), (byte) 0 x4d, (byte) 0 XBF, 0 x26 (byte), (byte) 0 x62, x95 (byte) 0, 0 xb9 (byte),
Xef (byte) 0, 0 x44 (byte), x8f (byte) 0, 0 x8e (byte), (byte) 0 xc9, x45 (byte) 0, 0 x91 (byte), (byte) 0 xf7};
@ Override
Public EncryptionMaterials getEncryptionMaterials (Map
Enclosing encryptionMaterials=new encryptionMaterials (new SecretKeySpec (keyBytes, AES, ""));
Return this. EncryptionMaterials;
}
@ Override
Public EncryptionMaterials getEncryptionMaterials (EncryptionContext arg0) {
Enclosing encryptionMaterials=new encryptionMaterials (new SecretKeySpec (keyBytes, AES, ""));
Return this. EncryptionMaterials;
}
}
EMR log information is as follows:
The log message in "elasticmapreduce bvhyt1n9bkjr/node/I/j - 1-051 a9d3744f2ae645/setup - devices/DiskEncryptor. The gz" :
2018-09-11 01:07:42, 457 INFO, main: Encrypted passphrase files does not exist.
The 2018-09-11 01:07:42, 462 ERROR main: Custom LUKS passphrase provider failed
Aws157. Instancecontroller. The encryptor. EMRDiskEncryptorException: Failed to execute the custom EncryptionMaterialProvider: Algorithm AES is not supported
The at aws157. Instancecontroller. The encryptor. Provider. CustomLUKSPassphraseProvider. FetchSecretKeyByEncryptionContext (CustomLUKSPassphraseProvider. Java: 193)
The at aws157. Instancecontroller. The encryptor. Provider. CustomLUKSPassphraseProvider. GetPassphrase (CustomLUKSPassphraseProvider. Java: 136)
The at aws157. Instancecontroller. The encryptor. LUKSDiskEncryptor. GetLUKSPassphrase (LUKSDiskEncryptor. Java: 74)
The at aws157. Instancecontroller. The encryptor. LUKSDiskEncryptor. EncryptOrOpen (LUKSDiskEncryptor. Java: 52)
The at aws157. Instancecontroller. The encryptor. DiskEncryptorMain. Main (43) DiskEncryptorMain. Java:
Under Caused by: aws157. Instancecontroller. The encryptor. EMRDiskEncryptorException: Algorithm AES is not supported
The at aws157. Instancecontroller. The encryptor. Provider. CustomLUKSPassphraseProvider. ValidateEncryptionMaterials (CustomLUKSPassphraseProvider. Java: 208)
The at aws157. Instancecontroller. The encryptor. Provider. CustomLUKSPassphraseProvider. FetchSecretKeyByEncryptionContext (CustomLUKSPassphraseProvider. Java: 188)
. 4 more