Vikas Kumar created RANGER-5388:
-----------------------------------
Summary: Actual calculated salt size should be updated into the DB
Key: RANGER-5388
URL: https://issues.apache.org/jira/browse/RANGER-5388
Project: Ranger
Issue Type: Task
Components: kms
Reporter: Vikas Kumar
Assignee: Vikas Kumar
Fix For: 3.0.0
In FIPS enabled cluster, FIPS providers ( like BouncyCastle) requires salt size
being used
must be at least 128 bits, that is, at least 16 in length.
Default salt size is 8. This default size is not sufficient for FIPS env, and
if the salt size is not configured sufficiently through config file, KMS boot
up will fail.
*Current Behaviour:*
Instead of failing the KMS boot up , it increases the salt size by doubling it
at runtime. Salt size gets updated into the DB. But it is updating the
default/configured salt size into the DB, not the newly calculated size.
Same thing happens while reading back the encrypted content from DB, if it is
8, it will be doubled and will perform decryption.
*Expected behaviour:*
It should update the actual calculated salt size that has been used to encrypt
the content. It will remove the dependency to re-calculate the salt size while
decrypting, provides clarity.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
