[ 
https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14036444#comment-14036444
 ] 

Charles Lamb commented on HADOOP-10719:
---------------------------------------

[~tucu00]

In general, LGTM.

When encrypting the key, what is the reason for calling SHA1PRNG.nextBytes on 
it? Is that adding entropy to the SecureRNG?

Javadoc: is it OK to use "key material" as a noun with the indefinite article, 
as in "a key material"? Maybe "new key material" instead of "a key material"? 
Or "generates a byte[] of key material"? Ditto here:

bq. Decrypts an encrypted key material using the 

bq. The generated key material is of the same length as the 
<code>KeyVersion</code> material.

The generated key material is of the same length as the <code>KeyVersion</code> 
material and is encrypted using the same cipher.



> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10719
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10719
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10719.patch
>
>
> This is a follow up on 
> [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion 
> encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with 
> 0xff the original IV).



--
This message was sent by Atlassian JIRA
(v6.2#6252)
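
The two methods proposed in the issue description, as an added example that is not the code in HADOOP-10719.patch. It assumes AES/CTR/NoPadding as the cipher (the issue text does not name one), works on raw byte[] rather than KeyVersion objects, and the class and helper names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not the code in HADOOP-10719.patch. Works on raw byte[] instead of KeyVersion.
public class EncryptedKeySketch {
    // Assumption: the issue text does not name the cipher; AES/CTR/NoPadding is used here.
    private static final String CIPHER = "AES/CTR/NoPadding";
    private static final SecureRandom RNG = new SecureRandom();

    // The "known transformation" from the issue text: XOR each IV byte with 0xff.
    static byte[] flipIv(byte[] iv) {
        byte[] out = new byte[iv.length];
        for (int i = 0; i < iv.length; i++) out[i] = (byte) (iv[i] ^ 0xff);
        return out;
    }

    static byte[] crypt(int mode, byte[] kvMaterial, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(mode, new SecretKeySpec(kvMaterial, "AES"), new IvParameterSpec(flipIv(iv)));
        return c.doFinal(in);
    }

    // Fresh random key material, same length as the key version material, returned encrypted.
    static byte[] generateEncryptedKey(byte[] kvMaterial, byte[] iv) throws Exception {
        byte[] newKey = new byte[kvMaterial.length];
        RNG.nextBytes(newKey);
        return crypt(Cipher.ENCRYPT_MODE, kvMaterial, iv, newKey);
    }

    static byte[] decryptEncryptedKey(byte[] kvMaterial, byte[] iv, byte[] encryptedKey) throws Exception {
        return crypt(Cipher.DECRYPT_MODE, kvMaterial, iv, encryptedKey);
    }

    public static void main(String[] args) throws Exception {
        byte[] kv = new byte[16], iv = new byte[16];  // constructed sample values
        RNG.nextBytes(kv);
        RNG.nextBytes(iv);
        byte[] wrapped = generateEncryptedKey(kv, iv);
        byte[] key = decryptEncryptedKey(kv, iv, wrapped);
        // Re-encrypting the recovered key must reproduce the stored ciphertext.
        boolean roundTrip = Arrays.equals(wrapped, crypt(Cipher.ENCRYPT_MODE, kv, iv, key));
        System.out.println("same length as key version material: " + (wrapped.length == kv.length));
        System.out.println("round trip ok: " + roundTrip);
    }
}
```

Under the CTR assumption the ciphertext is unauthenticated, so decryptEncryptedKey returns different key material for a modified encryptedKey instead of failing.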
