[ 
https://issues.apache.org/jira/browse/RANGER-3641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901553#comment-17901553
 ] 

Vikas Kumar edited comment on RANGER-3641 at 11/27/24 6:12 PM:
---------------------------------------------------------------

Code has been tested, reviewed and merged. Hence marking it resolved.

Thanks to [~bpatel] and [~dhavalshah9131] for the code review.

Following is the API and the response taken for reference from test cluster:
*New API Request:*
{code:java}
curl -ivk -H "Content-Type: application/json" -X GET \
  'http://KMS-HOSTNAME:9292/kms/v1/key/dektestkey/_dek?user.name=keyadmin'
{code}
*Response:*
{code:java}
{
  "edek": {
    "encryptedKeyVersion": {
      "material": "gsndrW4VzpnTsC3PHC7sjw",
      "name": "dektestkey",
      "versionName": "EEK"
    },
    "versionName": "dektestkey@0",
    "iv": "S4FpjpscEhf6ELWKRTG8OQ"
  },
  "dek": {
    "material": "WiKLo1A79s-cGW5Sbb8pSw",
    "name": "dektestkey",
    "versionName": "EK"
  }
}
{code}

To cross check, I hit the existing decryptkey API with above EDEK material and got the same DEK.

*Req:*
{code:java}
curl -ivk -H "Content-Type: application/json" -X POST \
  --data '{"name":"dektestkey","iv":"S4FpjpscEhf6ELWKRTG8OQ","material":"gsndrW4VzpnTsC3PHC7sjw"}' \
  'http://KMS-HOSTNAME:9292/kms/v1/keyversion/dektestkey@0/_eek?eek_op=decrypt&user.name=keyadmin'
{code}

*Response:*
{code:java}
{
  "material": "WiKLo1A79s-cGW5Sbb8pSw",
  "name": "dektestkey",
  "versionName": "EK"
}
{code}



> Add API to enhance KMS capabilities
> -----------------------------------
>
>                 Key: RANGER-3641
>                 URL: https://issues.apache.org/jira/browse/RANGER-3641
>             Project: Ranger
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 3.0.0, 2.3.0
>            Reporter: kirby zhou
>            Assignee: Vikas Kumar
>            Priority: Major
>
> Some APIs are very useful.
>  
>  * GenerateEEK with decrypted EEK returned together
> Like:
> {EEK, EK} = GenerateEEK2(KeyVersion)
> This helps a program that requests an EEK to encrypt something itself, such as 
> KUDU or MySQL.
> It now takes 2 RPC calls to complete encryption. If an API can return EEK and 
> EK together, we can save 1 RPC call.
>  
>  * Simple Encryption and Decryption API
> Like:
> {EncryptedData} = Encrypt(KeyVersion, PlainData)
> {PlainData} = Decrypt(KeyVersion, EncryptedData)
> This helps Ranger KMS work for some simple situations, such as encrypting a 
> password.
>  
>  



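An added example, not part of the comment or of the Ranger code base: a Python client-side check over the two responses shown above. It splits the `_dek` response into the EDEK record a caller would persist and the DEK bytes it would hold in memory, then repeats the cross-check against the decrypt response. The function names are hypothetical, and the 16-byte IV and equal EDEK/DEK length checks are assumptions taken from the sample values.

```python
import base64
import hmac
import json
from urllib.parse import quote

# Responses copied from the comment above (test-cluster sample values).
DEK_RESPONSE = ('{"edek":{"encryptedKeyVersion":{"material":"gsndrW4VzpnTsC3PHC7sjw",'
                '"name":"dektestkey","versionName":"EEK"},"versionName":"dektestkey@0",'
                '"iv":"S4FpjpscEhf6ELWKRTG8OQ"},"dek":{"material":"WiKLo1A79s-cGW5Sbb8pSw",'
                '"name":"dektestkey","versionName":"EK"}}')
DECRYPT_RESPONSE = '{"material":"WiKLo1A79s-cGW5Sbb8pSw","name":"dektestkey","versionName":"EK"}'

def b64url_decode(text):
    """KMS material is URL-safe base64 without '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def parse_dek_response(raw):
    """Return (EDEK record that may be persisted, DEK bytes to keep in memory only)."""
    doc = json.loads(raw)
    edek, dek = doc["edek"], doc["dek"]
    ekv = edek["encryptedKeyVersion"]
    if ekv["versionName"] != "EEK" or dek["versionName"] != "EK":
        raise ValueError("unexpected versionName markers")
    if ekv["name"] != dek["name"]:
        raise ValueError("EDEK and DEK refer to different keys")
    record = {"name": ekv["name"], "key_version": edek["versionName"],
              "iv": edek["iv"], "material": ekv["material"]}
    dek_bytes = b64url_decode(dek["material"])
    # Assumptions taken from the sample: 16-byte IV, EDEK as long as the DEK.
    if len(b64url_decode(record["iv"])) != 16:
        raise ValueError("IV is not 16 bytes")
    if len(b64url_decode(record["material"])) != len(dek_bytes):
        raise ValueError("EDEK and DEK lengths differ")
    return record, dek_bytes

def decrypt_request(record):
    """Path and JSON body for the existing decrypt call used as the cross-check."""
    path = "/kms/v1/keyversion/%s/_eek?eek_op=decrypt" % quote(record["key_version"], safe="@")
    body = json.dumps({k: record[k] for k in ("name", "iv", "material")})
    return path, body

def cross_check(dek_bytes, decrypt_raw):
    """True when the decrypt response carries the same DEK (constant-time compare)."""
    returned = b64url_decode(json.loads(decrypt_raw)["material"])
    return hmac.compare_digest(dek_bytes, returned)

if __name__ == "__main__":
    record, dek = parse_dek_response(DEK_RESPONSE)
    print("DEK matches decrypt response:", cross_check(dek, DECRYPT_RESPONSE))
```

Only `record` is meant for storage; the DEK bytes can be recovered later by sending the output of `decrypt_request(record)` to the decrypt endpoint.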