dineshchitlangia commented on issue #1542: HDDS-2140. Add robot test for GDPR feature
URL: https://github.com/apache/hadoop/pull/1542#issuecomment-538226560

> Unrelated to this patch (as this patch tests the CLI arguments) but I am wondering how the core GDPR feature can be tested. I mean how can we be sure that the data is _really_ unreadable (grep to the chunk files for specific strings??). To be honest, I have no idea, but putting this interesting question here ;-)

Recap: GDPR talk in Vegas ;)

- When putting a key in a GDPR-enforced bucket, Ozone will create a symmetric key and Client will use that to encrypt and write to key.
- This encryption key is stored in KeyInfo Metadata.
- When reading the key, the encryption key is fetched from KeyInfo Metadata and used to decrypt the key.

After our Vegas conference, we modified the delete path (HDDS-2174):

- When a user asks Ozone to delete a Key, we first delete the encryption key details from KeyInfo Metadata, then we move the KeyInfo to DeletedTable in OM.
- Since the encryption key is lost, there is no way you can read that data (except if you restore a backup/snapshot of your entire system from before deletion, which will also be addressed in version 2).
- HDDS-2174 included a test to confirm the key metadata in DeletedTable does not have the GDPR Encryption Key details.

Thereby, even if you get your hands on chunks, you will still read encrypted junk :)
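The put, read and delete flow described in the comment above, with the "grep the chunk files" check from the quoted question, as an added example that is not Ozone's code and not part of the original message. The in-memory maps standing in for the OM key table, DeletedTable and chunk files, the metadata field name `gdprSecret`, and the choice of AES-GCM are all assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.*;
import static java.nio.charset.StandardCharsets.ISO_8859_1;

public class CryptoShredDemo {
    // Hypothetical stand-ins for the OM key table, the DeletedTable and on-disk chunk files.
    static final Map<String, Map<String, String>> keyTable = new HashMap<>();
    static final Map<String, Map<String, String>> deletedTable = new HashMap<>();
    static final Map<String, byte[]> chunks = new HashMap<>();
    static final String SECRET = "gdprSecret"; // assumed metadata field name
    static final SecureRandom RNG = new SecureRandom();
    static void put(String name, byte[] data) throws Exception {
        byte[] key = new byte[16], iv = new byte[12];
        RNG.nextBytes(key); RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(data), chunk = Arrays.copyOf(iv, 12 + ct.length);
        System.arraycopy(ct, 0, chunk, 12, ct.length);   // chunk layout: IV || ciphertext+tag
        chunks.put(name, chunk);
        keyTable.put(name, new HashMap<>(Map.of(SECRET, Base64.getEncoder().encodeToString(key))));
    }
    static byte[] read(String name, Map<String, String> meta) throws Exception {
        String s = meta.get(SECRET);
        if (s == null) throw new IllegalStateException("no encryption key in metadata");
        byte[] chunk = chunks.get(name);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(Base64.getDecoder().decode(s), "AES"),
               new GCMParameterSpec(128, chunk, 0, 12));
        return c.doFinal(chunk, 12, chunk.length - 12);
    }
    static void delete(String name) {
        Map<String, String> meta = keyTable.remove(name);
        meta.remove(SECRET);            // drop the key first, then move the entry
        deletedTable.put(name, meta);   // the chunk itself is still on "disk"
    }
    public static void main(String[] args) throws Exception {
        String marker = "constructed-sample-PII-12345";   // constructed test value
        put("k1", marker.getBytes(ISO_8859_1));
        System.out.println("read: " + new String(read("k1", keyTable.get("k1")), ISO_8859_1));
        delete("k1");
        System.out.println("secret kept: " + deletedTable.get("k1").containsKey(SECRET));
        // Byte-level "grep" of the surviving chunk for the plaintext marker.
        System.out.println("grep hit: " + new String(chunks.get("k1"), ISO_8859_1).contains(marker));
        try { read("k1", deletedTable.get("k1")); }
        catch (IllegalStateException e) { System.out.println("after delete: " + e.getMessage()); }
    }
}
```

A negative grep only shows the marker is not stored in the clear; the unreadability guarantee rests on no copy of the key surviving anywhere, which is why the backup/snapshot caveat in the comment matters.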
