[
https://issues.apache.org/jira/browse/HDDS-11070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth updated HDDS-11070:
--------------------------------
Description:
The KeyCodec implementation used by the PKI system is currently responsible for
encoding and decoding the KeyPair to/from PEM format.
To enable the use of other storage formats, it is better to separate the
actual persistence logic and the conversion logic from each other. This
allows the implementation of each to be changed separately: we can
use persistence layers other than just the filesystem by changing the
storage implementation, and we can use different persisted formats by
changing the actual coder/decoder implementation easily.
This is particularly useful if some legislation requires conformance with
certain rules in this area.
Further developments will enhance the possibilities to switch implementations;
the scope of this change is just to separate the two responsibilities from each
other.
was: The current implementation of encoding and decoding private and public
keys might not be crypto-compliant according to some legislation. To enable a
pluggable KeyCodec it needs to be separated from the part where we store and
read the keys. This issue aims at dividing these responsibilities between a
disk io class and the KeyCodec. The result of this is that only the
encoding/decoding of keys will need to be put in the crypto-compliance module,
the storing and reading of keys can stay at the same place.
> Separate KeyCodec from reading and storing keys to disk
> -------------------------------------------------------
>
> Key: HDDS-11070
> URL: https://issues.apache.org/jira/browse/HDDS-11070
> Project: Apache Ozone
> Issue Type: New Feature
> Reporter: Szabolcs Gál
> Priority: Major
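The separation this issue describes, sketched as an added Java example (not Apache Ozone's code): the codec only converts a key to and from bytes, and the storage only persists bytes, so either side can be swapped independently. The interface and class names are hypothetical; RSA keys, unencrypted PKCS#8 PEM and a POSIX filesystem are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class KeyCodecSeparationExample {
  interface PrivateKeyCodec { // hypothetical: conversion only, no knowledge of where bytes go
    byte[] encode(PrivateKey key);
    PrivateKey decode(byte[] data) throws GeneralSecurityException;
  }
  interface KeyStorage { // hypothetical: persistence only, no knowledge of the key format
    void write(String name, byte[] data) throws IOException;
    byte[] read(String name) throws IOException;
  }
  static final class Pkcs8PemCodec implements PrivateKeyCodec {
    static final String HEAD = "-----BEGIN PRIVATE KEY-----", TAIL = "-----END PRIVATE KEY-----";
    public byte[] encode(PrivateKey key) {
      // getEncoded() yields PKCS#8 DER for RSA keys; wrap it as 64-column base64
      String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded());
      return (HEAD + "\n" + body + "\n" + TAIL + "\n").getBytes(StandardCharsets.US_ASCII);
    }
    public PrivateKey decode(byte[] data) throws GeneralSecurityException {
      String pem = new String(data, StandardCharsets.US_ASCII);
      String b64 = pem.replace(HEAD, "").replace(TAIL, "").replaceAll("\\s", "");
      return KeyFactory.getInstance("RSA") // assumption: RSA keys only
          .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }
  }
  static final class FileKeyStorage implements KeyStorage {
    private final Path dir;
    FileKeyStorage(Path dir) { this.dir = dir; }
    public void write(String name, byte[] data) throws IOException {
      // Create the file owner-only before any key bytes are written (POSIX only);
      // createFile fails if the file exists, so a stored key is never silently overwritten.
      Path file = dir.resolve(name);
      Files.createFile(file, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
      Files.write(file, data);
    }
    public byte[] read(String name) throws IOException { return Files.readAllBytes(dir.resolve(name)); }
  }
  public static void main(String[] args) throws Exception {
    // Constructed sample key, generated with the provider's default RSA key size
    PrivateKey key = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate();
    PrivateKeyCodec codec = new Pkcs8PemCodec();
    KeyStorage storage = new FileKeyStorage(Files.createTempDirectory("keys"));
    storage.write("private.pem", codec.encode(key));
    PrivateKey restored = codec.decode(storage.read("private.pem"));
    System.out.println("round trip ok: " + MessageDigest.isEqual(key.getEncoded(), restored.getEncoded()));
  }
}
```

Replacing `Pkcs8PemCodec` changes the persisted format without touching file permissions or paths, and replacing `FileKeyStorage` changes the persistence layer without touching any key-encoding code.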