[
https://issues.apache.org/jira/browse/IGNITE-8871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16673085#comment-16673085
]
Nikolay Izhikov commented on IGNITE-8871:
-----------------------------------------
Hello, [~Artem Budnikov]
> 0) Are there any requirements for the master encryption key?
It must be the same on all nodes in the same cluster.
It must have the name provided in the config.
> 1) Do I get it right that Cache Encryption Key is generated when the cache is
> started the first time and then stored in an encrypted form in a system cache?
The Cache Encryption Key is generated with the key generation request (a bit
earlier than the actual cache creation).
Yes, the Cache Encryption Key is stored in MetaStor.
> 2) Is SSL connection between nodes required for TDE to work or will it work
> without it? I tried to start a cluster without SSL configured and it launched
> just fine.
Not required.
> 3) You have this phrase in the wiki: "MEK must be decrypted by an
> administrator during cluster activation." What actions are required from the
> administrator?
Sorry, this definition is out of date.
The password to open the keystore is provided in the config file.
No other actions are required to start nodes and activate the cluster.
> 4) Similarly, "Administrator sends the password via SSL for MEK decryption to
> any server node." What does the administrator need to do to send the
> password?
Sorry, this definition is out of date.
> 5) Is the master key exchanged between the nodes?
No.
The joining node sends its local master key *hash*, which is compared with the
other nodes' master key hashes.
If the hashes are not equal, the joining node is rejected.
> TDE - Phase-1. Documentation
> ----------------------------
>
> Key: IGNITE-8871
> URL: https://issues.apache.org/jira/browse/IGNITE-8871
> Project: Ignite
> Issue Type: Sub-task
> Components: documentation
> Affects Versions: 2.5
> Reporter: Nikolay Izhikov
> Assignee: Nikolay Izhikov
> Priority: Major
> Labels: documentation
> Fix For: 2.7
>
>
> TDE feature should be documented.
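The join-time check described in answers 0 and 5 above, as an added Python model that is not part of the original comment and is not Ignite code. The class and function names, the dict standing in for a keystore, and the use of SHA-256 are assumptions; the comment does not name the hash function.

```python
import hashlib
import hmac


def load_master_key(keystore: dict, master_key_name: str) -> bytes:
    """Fetch the master key stored under the name given in the node config."""
    try:
        return keystore[master_key_name]
    except KeyError:
        raise ValueError(f"no key named {master_key_name!r} in keystore") from None


def master_key_digest(master_key: bytes) -> bytes:
    # Assumption: SHA-256 stands in for whatever hash the cluster really uses.
    return hashlib.sha256(master_key).digest()


class ClusterNode:
    """Hypothetical node that keeps only the digest needed for join checks."""

    def __init__(self, keystore: dict, master_key_name: str):
        key = load_master_key(keystore, master_key_name)
        self._digest = master_key_digest(key)

    def join_request(self) -> dict:
        # Only the digest leaves the node; the master key is never exchanged.
        return {"master_key_digest": self._digest}

    def validate_join(self, request: dict) -> bool:
        # Constant-time comparison of the local and the received digest.
        return hmac.compare_digest(self._digest, request["master_key_digest"])


def try_join(cluster: list, joining: ClusterNode) -> bool:
    """Accept the joining node only if every existing node sees an equal digest."""
    request = joining.join_request()
    return all(node.validate_join(request) for node in cluster)


# Constructed sample key material, for illustration only.
KEY_A = bytes(range(32))
KEY_B = bytes(range(1, 33))
CLUSTER = [ClusterNode({"ignite.master.key": KEY_A}, "ignite.master.key")
           for _ in range(2)]
```
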