[
https://issues.apache.org/jira/browse/HADOOP-15952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16700965#comment-16700965
]
Larry McCay commented on HADOOP-15952:
--------------------------------------
[[email protected]] - I saw this. Thanks for pointing it out.
[~bjh] - this does seem like it may be useful. I'm not sure what you mean in
your description about "Maybe other Functions will be added" though.
A bit of background on the TPM 2 API may be good to provide along with a
description on how to align it with the KeyProvider interface. We will also
need to be cognizant of the fact that the same keys will likely need to be
provisioned to all nodes that need access to them. Not sure how this
replication is done in the TPM world or how to manually do this in any
reasonable way.
Perhaps you are considering a centralized TPM and the KMS sitting on top of it?
> Secure Key Handling Option with TPM2
> ------------------------------------
>
> Key: HADOOP-15952
> URL: https://issues.apache.org/jira/browse/HADOOP-15952
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Ben Jonas Herbertz
> Priority: Minor
> Labels: KeyStore, security, tpm
> Original Estimate: 2,016h
> Remaining Estimate: 2,016h
>
> Implement the option to use a TPM 2 as a KeyStoreProvider as an alternative to
> JavaKeyStoreProvider. Key Creating and Deleting will be implemented with the
> TPM.
> Maybe other Functions will be added.
> (Part of a Bachelor Thesis at Hochschule Darmstadt)
>
>