[ https://issues.apache.org/jira/browse/HADOOP-10429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947418#comment-13947418 ]
Larry McCay commented on HADOOP-10429:
--------------------------------------

[~tucu00] - I had given this some thought in the past as well. I think that it is fine to add this but I don't know that we should remove the ability for the consumer to use an arbitrary source for keying material. I would imagine perhaps adding a separate switch to indicate that you want to delegate it to the provider or not. I can imagine a use case where a specialized hardware key generator is used but you want to store it in a Java keystore. You shouldn't necessarily have to write a new provider for that combination.

What do you think?

> KeyStores should have methods to generate the materials themselves, KeyShell should use them
> --------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10429
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10429
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10429.patch
>
>
> Currently, the {{KeyProvider}} API expects the caller to provide the key materials. And, the {{KeyShell}} generates key materials.
> For security reasons, {{KeyProvider}} implementations may want to generate and hide (from the user generating the key) the key materials.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
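The two options discussed in this thread, side by side, as an added example that is not part of the original message, the attached patch, or Hadoop's code: one creation path where the provider generates and keeps the key material, and one where the caller supplies material from its own source. The class `KeystoreBackedProvider`, its method names, the key names and the password are hypothetical; only the `java.security` and `javax.crypto` calls are real JDK APIs.

```java
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical sketch of the design under discussion; not Hadoop's KeyProvider API.
public class KeystoreBackedProvider {
    private final KeyStore store;
    private final char[] password;

    public KeystoreBackedProvider(char[] password) throws Exception {
        this.password = password.clone();
        this.store = KeyStore.getInstance("JCEKS"); // Java keystore type that holds secret keys
        this.store.load(null, this.password);       // null stream = new, empty, in-memory store
    }

    // Path 1: the provider generates the material; the caller never handles the bytes.
    public void createKey(String name, int bits) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(bits, new SecureRandom());
        put(name, gen.generateKey());
    }

    // Path 2: the caller supplies material from an arbitrary source.
    public void createKey(String name, byte[] material) throws Exception {
        int n = material.length;
        if (n != 16 && n != 24 && n != 32) {
            throw new IllegalArgumentException("AES material must be 16, 24 or 32 bytes");
        }
        put(name, new SecretKeySpec(material, "AES"));
    }

    private void put(String name, SecretKey key) throws Exception {
        if (store.containsAlias(name)) {
            throw new IllegalStateException("key already exists: " + name);
        }
        store.setEntry(name, new KeyStore.SecretKeyEntry(key),
                       new KeyStore.PasswordProtection(password));
    }

    public static void main(String[] args) throws Exception {
        KeystoreBackedProvider p = new KeystoreBackedProvider("changeit".toCharArray());
        p.createKey("generated", 128);           // material never leaves the provider
        byte[] external = new byte[16];
        new SecureRandom().nextBytes(external);  // stands in for a hardware key generator
        p.createKey("imported", external);       // stored in the keystore, no new provider needed
        Arrays.fill(external, (byte) 0);         // caller wipes its own copy after import
    }
}
```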