xanderbailey opened a new pull request, #16527: URL: https://github.com/apache/iceberg/pull/16527
## Before this PR

The `key_metadata` field in manifest entries and the `encrypted-key-metadata` field in table metadata are described as "implementation-specific" in the spec. While implementing table encryption in iceberg-rust, we found that the actual binary formats used by the Java implementation are required for cross-implementation interop but aren't documented anywhere - you have to reverse-engineer them from the Java source.

See mailing list thread: [DISCUSS] Specifying the encryption key metadata formats for cross-implementation interop

## After this PR

The spec now documents:

- The version-prefixed Avro binary format for per-file `key_metadata` (DEK, AAD prefix, file length)
- The two-tier key hierarchy (KEKs wrapped by KMS vs manifest list keys encrypted by KEKs)

Another implementation can now correctly read/write encrypted tables without referencing the Java source.
