Effective Jan 31, 2021, all Cloudera software requires a subscription.

Access Restricted



OS Requirements


  • Linux kernel 2.6.19 or later (RHEL and CentOS can use 2.6.18-92 or later)
  • RHEL 6-compatible
  • SLES 11 
  • Ubuntu 14.04
  • Debian 7


Supported command-line interpreters:

  • sh (Bourne)
  • bash (Bash)
  • dash (Debian)


Note: Navigator Encrypt does not support installation or use in chroot environments.


Network Requirements

For new Navigator Key Trustee Server (5.4.0 and higher) installations, Navigator Encrypt initiates TCP traffic over port 11371 (HTTPS) to the Key Trustee Server. For upgrades and Key Trustee Server versions lower than 5.4.0, Navigator Encrypt initiates TCP traffic over ports 80 (HTTP) and 443 (HTTPS) to the Navigator Key Trustee Server.


Internet Access

You must have an active Internet connection to download the software from the Cloudera repository. Alternatively, you can download the packages from a system with Internet access, copy the files to your server, and follow the Manual Installation instructions in the next section. For more information, contact Cloudera Support.


Maintenance Window

Data is not accessible during the encryption process. Plan for system downtime during installation and configuration.


Administrative Access

To enforce a high level of security, all Navigator Encrypt commands require administrative (root) access (including installation and configuration). If you do not have administrative privileges on your server, contact your system administrator before proceeding.


Package Dependencies

These dependent packages are native to most Linux operating systems, and are resolved by your distribution's package manager during installation.

  • dkms
  • kernel-devel
  • keyutils
  • ecryptfs-utils
  • gettext
  • gettext-libs
  • libgomp
  • libztrustee
  • zncrypt-kernel-module
  • binutils
  • cloog-ppl
  • cpp
  • gcc
  • glibc-devel
  • glibc-headers
  • kernel-headers
  • libmpc
  • mpfr
  • ppl
  • Updates to glibc and glibc-common

Installation works with gcc, gcc3, and gcc4.

Selected tab: systemrequirements

Issues Fixed in Cloudera Navigator Encrypt 3.7.1

Pressing Ctrl + C during rule creation corrupts rule file

Pressing Ctrl + C before rule addition completes results in a corrupted rule file. Attempting to add further fails with the following error:

[ERROR] Cannot parse ACL format: ACL header is not found: Did you type an incorrect key?


Intermittent Key Trustee Server communication errors

Intermittently, communication with the Key Trustee Server fails with an error similar to the following:

[error] UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 1: invalid start byte


The navencrypt-move --per-file option works only if the source and destination are on the same device

Using the navencrypt-move --per-file fails if the source and destination are on different devices.

Selected tab: whatsnew

Related Downloads

Navigator Key Trustee Server

Enterprise-grade key management, storing keys for HDFS encryption and Navigator Encrypt. Required prerequisite for all 3 of the related encryption downloads.

Download Now >

Navigator Key Trustee KMS

Connects HDFS Encryption to Navigator Key Trustee Server for production-ready key storage.


Download Now >

Navigator Key HSM

Integrates Navigator Key Trustee to existing Hardware Security Modules (HSMs), providing an (optional) additional layer of security.


Download Now >

Want to Get Involved or Learn More?

Check out our other resources

Cloudera Community

Collaborate with your peers, industry experts, and Clouderans to make the most of your investment in Hadoop.

Cloudera Educational Services

Receive expert Hadoop training through Cloudera Educational Services, the industry's only truly dynamic Hadoop training curriculum that’s updated regularly to reflect the state of the art in big data.