Class CryptoFactory

Namespace

ParquetSharp.Encryption

Assembly

ParquetSharp.dll

Translates high-level encryption configuration into low-level encryption parameters

public sealed class CryptoFactory : IDisposable

Inheritance

object

CryptoFactory

Implements

IDisposable

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.ReferenceEquals(object, object)

object.ToString()

Constructors

CryptoFactory(KmsClientFactory)

Create a new CryptoFactory

public CryptoFactory(CryptoFactory.KmsClientFactory kmsClientFactory)

Parameters

kmsClientFactory CryptoFactory.KmsClientFactory

Creates KMS clients from a connection configuration

Methods

Dispose()

Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.

public void Dispose()

GetFileDecryptionProperties(KmsConnectionConfig, DecryptionConfiguration, string?)

Get decryption properties for a Parquet file. If external key material is used then the path to the parquet file must be provided. This CryptoFactory instance must remain alive and not disposed until after any files using these decryption properties have been read, as internally the FileDecryptionProperties contains references to data in the CryptoFactory that cannot be managed by ParquetSharp. Failure to do so may result in native memory access violations and crashes that cannot be caught as exceptions.

public FileDecryptionProperties GetFileDecryptionProperties(KmsConnectionConfig connectionConfig, DecryptionConfiguration decryptionConfig, string? filePath = null)

Parameters

connectionConfig KmsConnectionConfig

The KMS connection configuration to use

decryptionConfig DecryptionConfiguration

The decryption configuration to use

filePath string

The path to the Parquet file being read. Can be null if internal key material is used.

Returns

FileDecryptionProperties

Decryption properties for the file

GetFileEncryptionProperties(KmsConnectionConfig, EncryptionConfiguration, string?)

Get the encryption properties for a Parquet file. If external key material is used then the path to the Parquet file must be provided.

public FileEncryptionProperties GetFileEncryptionProperties(KmsConnectionConfig connectionConfig, EncryptionConfiguration encryptionConfig, string? filePath = null)

Parameters

connectionConfig KmsConnectionConfig

The KMS connection configuration to use

encryptionConfig EncryptionConfiguration

The encryption configuration to use

filePath string

The path to the Parquet file being written. Can be null if internal key material is used.

Returns

FileEncryptionProperties

Encryption properties for the file

RotateMasterKeys(KmsConnectionConfig, string, bool, double)

Rotates master encryption keys for a Parquet file that uses external key material. In single wrapping mode, data encryption keys are decrypted with the old master keys and then re-encrypted with new master keys. In double wrapping mode, key encryption keys are decrypted with the old master keys and then re-encrypted with new master keys. This relies on the KMS supporting versioning, such that the old master key is used when unwrapping a key, and the latest version is used when wrapping a key.

public void RotateMasterKeys(KmsConnectionConfig connectionConfig, string parquetFilePath, bool doubleWrapping, double cacheLifetimeSeconds = 600)

Parameters

connectionConfig KmsConnectionConfig

The KMS connection configuration to use

parquetFilePath string

Path to the encrypted Parquet file

doubleWrapping bool

Whether to use double wrapping when rotating

cacheLifetimeSeconds double

Lifetime of cached objects in seconds