Trino UDFs Plugin to encrypt/decrypt values with a password

Last update: Dec 13, 2022

Overview

trino-encrypt-udfs

Example of Trino UDFs Plugin to encrypt and decrypt values with a password.

Introduction

In Trino you can create new Plugins by implementing interfaces and override methods defined by the SPI.

Plugins can provide additional Connectors, Types, Functions and with this project we implement 2 new SQL Functions (or UDFs / User-Defined Functions) to encrypt or decrypt a value (from a column or not) with a password.

The method used to encrypt a value is PBE (Password Based Encryption), a method where the encryption key (which is binary data) is derived from a password (string). PBE is using an encryption key generated from a password, random salt and number of iterations. Details on Java implementation, we use the PBEWithMD5AndDES mode.

Build

requires

Java 11
Maven 4.0.0+ (for building)

mvn clean package

If you want skip unit tests, please run:

mvn clean package -DskipTests

It will generate a trino-encrypt-udfs-{version}.jar and trino-encrypt-udfs-{version} folder in target directory.

Deploy

Copy the trino-encrypt-udfs-{version} folder from target directory in your Trino plugin directory and restart Trino server.

% cp -R ./target/trino-encrypt-udfs-{version} <trino-server-folder>/plugin/trino-encrypt-udfs

% <trino-server-folder>/bin/launcher restart

Then you should find 2 new functions encrypt and decrypt if you list all available functions of your Trino server with SHOW FUNCTIONS SQL command:

"encrypt","varchar","varchar, varchar","scalar","true","UDF to encrypt a value with a given password"

"decrypt","varchar","varchar, varchar","scalar","true","UDF to decrypt a value with a given password"

Usage

With a local trino server and trino CLI you can test the UDFs with:

%
   
    /trino --execute "SELECT encrypt('myvalue','mypassword')"

SQL queries to use and test functions:

SELECT decrypt(encrypt('myvalue','mypassword'),'mypassword')

SELECT decrypt(encrypt('myvalue','mypassword'),'my_new_password')

With last query you must get the message "Wrong password for decryption".

Tests on a tpch table:

SELECT encrypt(name,'new_password') FROM tpch.sf1.region

To create a table with encrypted data:

CREATE TABLE your_catalog.your_schema.region_encrypt AS SELECT encrypt(name,'new_password') FROM tpch.sf1.region

A handy plugin for copying requests/responses directly from Burp, some extra magic included.

RIO BurpSuite plugin Request Input Output BurpSuite plugin A.K.A RIO - A handy plugin for copying requests/responses directly from Burp, some extra ma

Nov 22, 2022

This is plugin for 1.17 Spigot/Bukkit Minecraft's servers.

This is plugin for 1.17 Spigot/Bukkit Minecraft's servers. This plugin fixes BowExploit(BowBomb) that found recently. Meteor Client developers released their fix, but the problem is that it fixes vanills arrow mechanics. Together I with https://github.com/l1tecorejz we made a plugin that fixes the exploit and doesn't

Jan 3, 2023

A plugin for the ja-netfilter, it can block http requests.

plugin-url A plugin for the ja-netfilter, it can block http requests. Use the mvn clean package command to compile and use url-vX.X.X-jar-with-depende

May 22, 2022

Copy Regex Matches is a Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard.

Copy Regex Matches Copy Regex Matches is a Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard. Install D

Dec 2, 2022

Easily regenerate worlds at a specific time & date you want (SpigotMC plugin)

Restore/reset worlds at specific times without kicking players from the server! No need to go through the hassle of resetting your worlds manually anymore. Plenty of features are already included in the free version!

Sep 23, 2022

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)

Trino is a fast distributed SQL query engine for big data analytics. See the User Manual for deployment instructions and end user documentation. Devel

Dec 31, 2022

Time-Based One-Time Password (RFC 6238) and HMAC-Based One-Time Password (RFC 4226) reference implementations and more.

Crypto Time-Based One-Time Password (RFC 6238) and HMAC-Based One-Time Password (RFC 4226) reference implementations and more. Getting Started TOTP ge

May 12, 2022

A java implementation of Enigma, and a modern attack to decrypt it.

Java Enigma This is a Java implementation of an Enigma machine, along with code that attempts to break the encryption. This code is associated with an

Jan 4, 2023

Trino connectors for managing cloud resources, like AWS EC2 instances or S3 buckets.

Trino connectors for managing cloud resources, like AWS EC2 instances or S3 buckets. Please keep in mind that this is not production ready and it was created for tests.

Nov 4, 2022

A sidecar to run alongside Trino to gather metrics using the JMX connector and expose them in different formats using Apache velocity

Overview A sidecar to run alongside Trino to gather metrics using the JMX connector and expose them in different formats using Apache Velocity. Click

Nov 18, 2021

A command-line tool to securely encrypt passwords and notes using AES encryption.

Treasury A command-line tool to securely encrypt passwords and notes using AES encryption. Installation Usage Technology Built solely in Java Picocli

Oct 17, 2022

Generates and keeps up-to-date your Spring Boot applications' Let's Encrypt or other ACME compliant SSL certificates.

Generates and keeps up-to-date your Spring Boot applications' Let's Encrypt or other ACME compliant SSL certificates. Pure Java in a single file of library code. An automated embedded alternative to Certbot and docker-sidecars. No JVM restart is needed on certificate update.

Nov 18, 2022

Decipher-pad - Encrypt and secure your text files with Decipher Pad!

Welcome to Decipher Pad 👋 Encrypt and secure your text files with Decipher Pad! Table of Contents About The Project Tech Stack Prerequisites Developm

Feb 24, 2022

Intra is an experimental tool that allows you to test new DNS-over-HTTPS services that encrypt domain name lookups and prevent manipulation by your network

Intra Intra is an experimental tool that allows you to test new DNS-over-HTTPS services that encrypt domain name lookups and prevent manipulation by y

Jan 1, 2023

evilzip lets you create a zip file(with password) that contains files with directory traversal characters in their embedded path.

evilzip logs 20210701 修改权限问题,让解压后的文件默认就有读写执行的权限。 About evilzip lets you create a zip file(with password) that contains files with directory traversal

Dec 11, 2022

Comments

New to java

Hello can i get a step by step guide on how to create my own function , package it into a valid trino plugin and upload it? i checked the guide on trino website but I could not follow, Thank you

opened by JeevansSP 0