[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16619628#comment-16619628 ]
Vladimir Ozerov commented on IGNITE-8485:
-----------------------------------------
Hi [~NIzhikov], my comments:
The first part of the comments relates to the public API only:
1) EncryptionSpi should be located inside o.a.i.spi.encryption package for
consistency with other SPIs
2) Please add package-info files to new public packages (o.a.i.spi.encryption,
o.a.i.spi.encryption.jks)
3) I would rename "jks" package to "keystore" to have consistency between
package and class names (as in most other SPIs)
4) Same thing for EncryptionKey -> KeystoreEncryptionKey
5) NoopEncryptionSpi should either be removed completely (manager could be used
to check if encryption is enabled), or moved to "noop" package (with
package-info). I vote for removal - no need to add useless classes to public
API.
6) IEncryptionSpi - dotnetdocs are missing
7) Apache.Ignite.Core.Encryption.Aes namespace should be renamed to
Apache.Ignite.Core.Encryption.Keystore
Internals:
1) GridComponent.DiscoveryDataExchangeType.ENCRYPTION_MGR - I think it is
better to move it after CACHE_CRD_PROC for safety.
2) GridEncryptionManager.start/stop - no need to write debug log, as it is
already written in startSpi/stopSpi methods
3) GridEncryptionManager.onKernalStart0 - this is too late to register
listeners, as IO and discovery are already active at this point. Things like
this should be prepared on start() stage.
4) GridEncryptionManager.onKernalStart0 - I cannot understand why we are
listening to {{ctx.discovery().localJoinFuture().listen}} here. Could you
please clarify?
5) GridEncryptionManager - checks for {{notCoordinator()}} look strange to me.
I do not see any cases where current coordinator should do anything else than
other nodes. All of them are equal. The only thing we need is to agree on
encryption key, which should happen on all nodes in the same place - during
cache creation inside exchange thread.
All in all, it looks like we need to do some cleanup in API and in manager.
Also I would like to ask persistence experts to throw a glance at
storage-related code (WAL, IOs, etc). [~agoncharuk], could you please do that
or suggest someone else, who can help us?
> TDE - Phase-1
> -------------
>
> Key: IGNITE-8485
> URL: https://issues.apache.org/jira/browse/IGNITE-8485
> Project: Ignite
> Issue Type: Sub-task
> Reporter: Nikolay Izhikov
> Assignee: Nikolay Izhikov
> Priority: Critical
> Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.