[ https://issues.apache.org/jira/browse/HADOOP-10528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977014#comment-13977014 ]

Larry McCay commented on HADOOP-10528:
--------------------------------------

While this seems like interesting work, it also duplicates a number of jiras - 
all of which are already committed and being collaboratively worked on.

I will add them as jiras that this duplicates but here are the ones that come 
to mind:

Duplicates KeyProvider API, KeyShell and Alejandro's KMS.

https://issues.apache.org/jira/browse/HADOOP-10433 KMS
https://issues.apache.org/jira/browse/HADOOP-10177 KeyShell
https://issues.apache.org/jira/browse/HADOOP-10141 KeyProvider API

Another thing that I noticed is that Key.deriveKeys doesn't seem to be using a 
salt of any kind in its creation of a key from a password. This is going to end 
up creating the same key each time - no?

I could also use a bit of description about the Token aspect of this provider - 
this will be good in determining how to fit it into the existing KeyProvider 
API.

> A TokenKeyProvider for a Centralized Key Manager Server (BEE: bee-key-manager)
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-10528
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10528
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: howie yu
>         Attachments: HADOOP-10528.patch
>
>
> This is a key provider based on HADOOP-9331. HADOOP-9331 has designed a 
> complete Hadoop crypto codec framework, but the key can only be retrieved 
> from a local Java KeyStore file. For convenience, we designed a Centralized 
> Key Manager Server (BEE: bee-key-manager), and users can use this 
> TokenKeyProvider to retrieve keys from the Centralized Key Manager Server. By 
> the way, to secure the key exchange, we leverage HTTPS + SPNego/SASL to 
> protect the key exchange. For the detailed design and usage, please refer to 
> https://github.com/trendmicro/BEE. 
> Moreover, there are still many more requests about Hadoop Data Encryption 
> (such as providing a standalone module, supporting KMIP, etc.); if anyone is 
> interested in those features, please let us know. 
>  
> P.S. Because this patch is based on HADOOP-9331, please use patches 
> HADOOP-9333 and HADOOP-9332 before using our patch HADOOP-10528.patch.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
