vikaskr22 opened a new pull request, #612:
URL: https://github.com/apache/ranger/pull/612

   …material into DB
   
   ## What changes were proposed in this pull request?
   
   A sanity check (kind of assertion) has been added in the RangerMasterKey to 
make sure re-encrypted material returns the the same old MK key material after 
decryption process. It is required , if decrypt operation fails due to any 
runtime error or returns some wrong material, it would be the case of data loss 
.   
   
   Since same encrypt/decrypt provider is being used for both MasterKey and 
Zone keys, I am not adding this check for zone keys. Adding such check for zone 
keys will impact the performance considering there would be many zone keys.
   
   ## How was this patch tested?
   
   mvn build
   Unit Test
   Manually verified in docker container by configuring the container to 
support FIPS provider and related configuration. Followed the steps from 
[](https://issues.apache.org/jira/browse/RANGER-3174)
   
   **What was tested:**
   
   By default, master key got created using PBEWithMD5AndDES, after 
configuration for FIPS and restart, Master key got re-encrypted using the 
configured algorithm PBKDF2WithHmacSHA256
   
    
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to