[ 
https://issues.apache.org/jira/browse/KUDU-3448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17702032#comment-17702032
 ] 

ASF subversion and git services commented on KUDU-3448:
-------------------------------------------------------

Commit dfdaa69b34b1030677b7049c6b717957d32c7af4 in kudu's branch 
refs/heads/master from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=dfdaa69b3 ]

KUDU-3448 Plumbing for encrypting key material

Key material for the internal PKI and token signing keys is stored in
the syscatalog table in clear text, which is okay when volume-level
encryption or Kudu's built-in data at rest encryption is used, but in
some cases, this is either not used, or it's not enough (FISMA).

To allow storing these key materials in encrypted form in the syscatalog
table, this patch adds the necessary plumbing in Kudu's OpenSSL wrapper.
It is now possible to pass a password callback function to the utility
functions responsible for reading from and writing to OpenSSL BIO and
strings.

Change-Id: I24c5ac8ea0f9a4cab0f35ecccb1b7b00f3acefa8
Reviewed-on: http://gerrit.cloudera.org:8080/19615
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <[email protected]>


> Store IPKI and TSK key material encrypted
> -----------------------------------------
>
>                 Key: KUDU-3448
>                 URL: https://issues.apache.org/jira/browse/KUDU-3448
>             Project: Kudu
>          Issue Type: Improvement
>            Reporter: Attila Bukor
>            Assignee: Attila Bukor
>            Priority: Critical
>              Labels: security
>
> Key material for IPKI TLS and TSK should be stored on disk securely, even 
> when user data is not encrypted. The symmetric encryption key should be 
> derived from a password using PBKDF2, which is a FIPS-approved KDF. The 
> masters should have a flag that expects a command which outputs the password 
> (similar to {{--webserver_private_key_password_cmd}}), that way the users 
> can integrate with an HSM or choose another way to provide the password 
> securely without storing it on a disk.
> Generating new keys or encrypting existing key material is outside the scope 
> of this ticket.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
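
The password-command and PBKDF2 steps described in the ticket, as an added example: this is not Kudu's code and is in Python rather than Kudu's C++. All function names, the iteration count, the salt and key lengths, and the sample command are assumptions made for illustration; only key derivation is shown, not the encryption of the key material.

```python
import hashlib
import os
import shlex
import subprocess
import sys

PBKDF2_ITERATIONS = 600_000  # assumed work factor, not a value from the ticket
SALT_LEN = 16                # assumed salt size in bytes
KEY_LEN = 32                 # assumed 256-bit symmetric key


def read_password(password_cmd: str) -> bytes:
    """Run the operator-supplied command and return its stdout as the password."""
    # Split into argv and run without a shell, so the flag value is not
    # reinterpreted by /bin/sh.
    proc = subprocess.run(shlex.split(password_cmd), capture_output=True, timeout=30)
    if proc.returncode != 0:
        # Never echo stdout/stderr here: either may contain secret material.
        raise RuntimeError(f"password command exited with {proc.returncode}")
    password = proc.stdout.rstrip(b"\r\n")  # drop the trailing newline only
    if not password:
        raise ValueError("password command produced no output")
    return password


def derive_key(password: bytes, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256; the salt and iteration count are not secret."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=KEY_LEN)


def new_key_record(password_cmd: str) -> dict:
    """Derive a key under a fresh random salt; salt and iterations get stored
    beside the ciphertext, the key itself stays in memory only."""
    salt = os.urandom(SALT_LEN)
    key = derive_key(read_password(password_cmd), salt)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "key": key}


def rederive(password_cmd: str, salt: bytes, iterations: int) -> bytes:
    """On restart: re-run the command and rebuild the key from stored parameters."""
    return derive_key(read_password(password_cmd), salt, iterations)


# Constructed stand-in for an HSM or secret-store client that prints the password.
SAMPLE_CMD = shlex.quote(sys.executable) + " -c \"print('constructed-password')\""
```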
