From 6dc80dec76ea96593cdffbfaecaff25d5645d160 Mon Sep 17 00:00:00 2001
From: Adam Reeve <adreeve@gmail.com>
Date: Tue, 21 Jan 2025 17:22:22 +1300
Subject: [PATCH] Don't use footer key for non-encrypted columns

---
 parquet/src/arrow/arrow_reader/mod.rs | 26 +++++++++++++++-----------
 parquet/src/encryption/ciphers.rs     |  5 +++++
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/parquet/src/arrow/arrow_reader/mod.rs b/parquet/src/arrow/arrow_reader/mod.rs
index 23b81b2841d..c203e7d2047 100644
--- a/parquet/src/arrow/arrow_reader/mod.rs
+++ b/parquet/src/arrow/arrow_reader/mod.rs
@@ -716,18 +716,22 @@ impl<T: ChunkReader + 'static> Iterator for ReaderPageIterator<T> {
                 .schema_descr()
                 .column(self.column_idx);
 
-            let file_decryptor = self
-                .metadata
-                .file_decryptor()
-                .clone()
-                .unwrap()
-                .get_column_decryptor(column_name.name().as_bytes());
-            let data_decryptor = Arc::new(file_decryptor.clone());
-            let metadata_decryptor = Arc::new(file_decryptor.clone());
+            if self.metadata.file_decryptor().as_ref().unwrap().is_column_encrypted(column_name.name().as_bytes()) {
+                let file_decryptor = self
+                    .metadata
+                    .file_decryptor()
+                    .clone()
+                    .unwrap()
+                    .get_column_decryptor(column_name.name().as_bytes());
+                let data_decryptor = Arc::new(file_decryptor.clone());
+                let metadata_decryptor = Arc::new(file_decryptor.clone());
 
-            let crypto_context =
-                CryptoContext::new(rg_idx, self.column_idx, data_decryptor, metadata_decryptor);
-            Some(Arc::new(crypto_context))
+                let crypto_context =
+                    CryptoContext::new(rg_idx, self.column_idx, data_decryptor, metadata_decryptor);
+                Some(Arc::new(crypto_context))
+            } else {
+                None
+            }
         } else {
             None
         };
diff --git a/parquet/src/encryption/ciphers.rs b/parquet/src/encryption/ciphers.rs
index 797734b7c56..1b845899947 100644
--- a/parquet/src/encryption/ciphers.rs
+++ b/parquet/src/encryption/ciphers.rs
@@ -377,6 +377,11 @@ impl FileDecryptor {
     pub(crate) fn has_footer_key(&self) -> bool {
         self.decryption_properties.has_footer_key()
     }
+
+    pub(crate) fn is_column_encrypted(&self, column_name: &[u8]) -> bool {
+        // Column is encrypted if either uniform encryption is used or an encryption key is set for the column
+        self.decryption_properties.column_keys.is_none() || self.has_column_key(column_name)
+    }
 }
 
 #[derive(Debug, Clone)]