Hi , We perform the below operations on "*material*" while creating key.
1.) In KMS.java we decode it. Link: https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java#L144 2.) Which is further supplied to createKey() in RangerKeyStoreProvider.java Link: https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java#L191 3.) Within method innerSetKeyVersion() in RangerKeyStoreProvider.java we create obj of SecretKeySpec using material and cipher Link: https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java#L222 4.) SecretKeySpec obj is supplied to addKeyEntry() in class RangerKeyStore.java Link: https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java#L166 Let us know if you have any further concern. Thanks, Bhavik Patel +91-7208744109 On Tue, Mar 12, 2019 at 8:10 PM jeremy montgomery <alericmcke...@gmail.com> wrote: > All, > > I've been writing some python code that uses the ranger kms material as > the key (hope is to mirror the eek/dek functionality of the encrypted zones > for field level encryption). However, I'm totally confused by why the > material is 43 bytes long for AES/CTR/NoPadding instead of 32 bytes. > Looking through KMS.java, it looks like it should be constrained to 32 but > all of my materials are generated as 43 bytes. is there an internal hash > i'm missing here? > > >
