Vikas Kumar created RANGER-5497:
-----------------------------------
Summary: [KMS]: Refactor existing KMS cryptography code and add
support for latest KDF and Ciphers
Key: RANGER-5497
URL: https://issues.apache.org/jira/browse/RANGER-5497
Project: Ranger
Issue Type: New Feature
Components: kms
Reporter: Vikas Kumar
Assignee: Vikas Kumar
Current KMS implementation supports PBEWith<MD>And<Encryption> type of algorithms
that implicitly decide (based on the underlying SecurityProvider) the Key
Derivation Function and Cipher transformation algorithms.
By default, it uses PBEWithMD5AndTripleDES, which is a deprecated and very weak
algorithm.
Zonekey has "PBEWithMD5AndTripleDES" hard coded.
*Expectation from the feature:*
* Refactor the existing cryptographic logic and put it at one common place to
improve code maintainability and usability.
* Make sure AES-256 is being used everywhere by default for Key generation
* Strong algorithms (like the following) should be supported irrespective of FIPS
or Non-FIPS env.
* Main goal of refactoring is to support latest algorithms like the following:
** For KDF: PBKDF2WithHmacSHA256
** For Cipher Transformation: AES/CTR/NoPadding, AES/CBC/PKCS5Padding,
AES/GCM/NoPadding
*Note*: A detailed design document will be available for review soon.