adamreeve opened a new issue, #7373: URL: https://github.com/apache/arrow-rs/issues/7373
#6637 and #7111 added support for reading and writing Parquet files with encryption. These add `FileDecryptionProperties` and `FileEncryptionProperties` types that hold encryption keys as a `Vec<u8>`. Precaution should be taken to prevent accidentally exposing these keys and allowing unauthorised access to encrypted data.

In the C++ Parquet implementation for example, these keys are "wiped" after a file is read or written, which is intended to prevent any memory access bugs from being able to expose these keys. But it's known that this wiping isn't very secure as only the first byte of the key is usually overwritten. See https://github.com/apache/arrow/issues/31603 and some of the discussion in https://github.com/apache/arrow/pull/44990.

Ideally these keys should be stored in a type that automatically clears the whole key from memory when it is dropped, e.g. something like https://crates.io/crates/secure-string, or a custom abstraction built on top of https://crates.io/crates/zeroize.

We might also want to have a `Debug` implementation that doesn't show the key contents to avoid accidental logging of keys.
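The kind of key holder the issue asks for, as an added example (not arrow-rs code and not written by the issue author): `SecretKey` and its methods are hypothetical names, and a volatile write loop stands in for the `zeroize` crate so the block builds without dependencies.

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical key holder; not a type from arrow-rs or the parquet crate.
/// `Clone` is deliberately not derived, so copies of the key must be explicit.
pub struct SecretKey {
    bytes: Vec<u8>,
}

impl SecretKey {
    /// Takes ownership of the key. The Vec is never grown afterwards, so no
    /// reallocation can leave a stale, unwiped copy of the key behind.
    pub fn new(bytes: Vec<u8>) -> Self {
        Self { bytes }
    }

    /// Borrow the key for the cipher.
    pub fn expose(&self) -> &[u8] {
        &self.bytes
    }

    /// Overwrite every byte of the key, not only the first one.
    pub fn wipe(&mut self) {
        for b in self.bytes.iter_mut() {
            // Volatile store: the compiler may not drop it as a dead write,
            // which it is free to do with a plain store just before a free.
            unsafe { std::ptr::write_volatile(b as *mut u8, 0) };
        }
        // Keep the stores ordered before the deallocation that follows a drop.
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for SecretKey {
    fn drop(&mut self) {
        self.wipe();
    }
}

/// Redacted `Debug`: shows the key length only, so `{:?}` in a log line or a
/// derived `Debug` on a containing struct cannot print the key bytes.
impl fmt::Debug for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "SecretKey([REDACTED; {} bytes])", self.bytes.len())
    }
}
```

The wipe covers only the buffer this type owns; copies made by the caller before handing the key over are outside its reach.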