rok commented on issue #47435: URL: https://github.com/apache/arrow/issues/47435#issuecomment-3234567553
> Can you help me understand why a using a single DEK weaken the encryption? In my use case, we do encrypt the DEK and pass it in a secure channel. In a thought experiment, can users do exactly what the Arrow library does, but just do it external to the library and then pass in the key? Sorry, weakening encryption is not the correct expression here. We're encouraging use of KMSes as it helps users not having to re-implement things needed for envelope encryption, see [design doc](https://docs.google.com/document/d/1bEu903840yb95k9q2X-BlsYKuXoygE4VnMDl9xz_zhk/). I agree it would be nice to have more choices in pyarrow encryption story. We would want to be cautious to encourage good key management practices and make it easy to follow envelope encryption as per spec. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
