[jira] [Created] (HDDS-2247) Delete FileEncryptionInfo from KeyInfo when a Key is deleted

Thu, 03 Oct 2019 22:39:31 -0700 

Dinesh Chitlangia created HDDS-2247:
---------------------------------------

             Summary: Delete FileEncryptionInfo from KeyInfo when a Key is 
deleted
                 Key: HDDS-2247
                 URL: https://issues.apache.org/jira/browse/HDDS-2247
             Project: Hadoop Distributed Data Store
          Issue Type: Sub-task
            Reporter: Dinesh Chitlangia
            Assignee: Dinesh Chitlangia


[~aengineer] - As part of HDDS-2174 we are deleting Encryption Key on delete 
file operation.
However, if KMS is enabled, we are skipping GDPR Encryption Key approach when 
writing file in a GDPR enforced Bucket.

{code:java}
final FileEncryptionInfo feInfo = keyOutputStream.getFileEncryptionInfo();
    if (feInfo != null) {
      KeyProvider.KeyVersion decrypted = getDEK(feInfo);
      final CryptoOutputStream cryptoOut =
          new CryptoOutputStream(keyOutputStream,
              OzoneKMSUtil.getCryptoCodec(conf, feInfo),
              decrypted.getMaterial(), feInfo.getIV());
      return new OzoneOutputStream(cryptoOut);
    } else {
      try{
        GDPRSymmetricKey gk;
        Map<String, String> openKeyMetadata =
            openKey.getKeyInfo().getMetadata();
        if(Boolean.valueOf(openKeyMetadata.get(OzoneConsts.GDPR_FLAG))){
          gk = new GDPRSymmetricKey(
              openKeyMetadata.get(OzoneConsts.GDPR_SECRET),
              openKeyMetadata.get(OzoneConsts.GDPR_ALGORITHM)
          );
          gk.getCipher().init(Cipher.ENCRYPT_MODE, gk.getSecretKey());
          return new OzoneOutputStream(
              new CipherOutputStream(keyOutputStream, gk.getCipher()));
        }
      }catch (Exception ex){
        throw new IOException(ex);
      }
{code}

In such scenario, when KMS is enabled & GDPR enforced on a bucket, if we user 
deletes a file, we should delete the {{FileEncryptionInfo}} from KeyInfo, 
before moving it to deletedTable, else we cannot guarantee Right to Erasure.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org

Reply via email to