Vikas Kumar created RANGER-5239:
-----------------------------------

Summary: [KMS] Decrypt and verify before storing newly re-encrypted key material into DB
Key: RANGER-5239
URL: https://issues.apache.org/jira/browse/RANGER-5239
Project: Ranger
Issue Type: Task
Components: kms
Reporter: Vikas Kumar
Assignee: Vikas Kumar

As per the current implementation, during key material re-encryption:

* It first gets decrypted using the old algorithm and associated parameters.
* And then re-encrypted using the new algorithm.
* And finally stored into the DB.

Here the idea is to add one simple sanity check as follows:

After re-encryption using the new algorithm, it should be decrypted again using the new algorithm, and the decrypted content should be matched with the older decrypted material.

This is not a functional requirement but will ensure that the decrypt operation using the new algorithm is also working correctly and returning the same key material.

This should be done for both Masterkey and all Zone keys.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
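
The decrypt-and-compare step proposed in this issue, as an added example that is not Ranger KMS code. The algorithms (AES/CBC as "old", AES/GCM as "new"), the `IV || ciphertext` record layout, and all class and method names are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;

public class ReencryptVerifyExample {
    // Assumed algorithms and record layout (IV || ciphertext); not taken from Ranger KMS.
    static final String OLD_ALG = "AES/CBC/PKCS5Padding", NEW_ALG = "AES/GCM/NoPadding";
    static final int GCM_IV_LEN = 12, GCM_TAG_BITS = 128;

    static byte[] crypt(String alg, int mode, SecretKey k, AlgorithmParameterSpec p, byte[] in)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(alg);
        c.init(mode, k, p);
        return c.doFinal(in);
    }

    /** Returns the record to store; throws (so nothing is stored) if verification fails. */
    static byte[] reencryptVerified(byte[] oldCt, byte[] oldIv, SecretKey kek) throws GeneralSecurityException {
        byte[] material = crypt(OLD_ALG, Cipher.DECRYPT_MODE, kek, new IvParameterSpec(oldIv), oldCt);
        byte[] check = new byte[0];
        try {
            byte[] iv = new byte[GCM_IV_LEN];
            new SecureRandom().nextBytes(iv);
            byte[] ct = crypt(NEW_ALG, Cipher.ENCRYPT_MODE, kek, new GCMParameterSpec(GCM_TAG_BITS, iv), material);
            byte[] record = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
            // Verify from the serialized record, parsing the IV the way a later reader would.
            AlgorithmParameterSpec readSpec = new GCMParameterSpec(GCM_TAG_BITS, record, 0, GCM_IV_LEN);
            byte[] readCt = Arrays.copyOfRange(record, GCM_IV_LEN, record.length);
            check = crypt(NEW_ALG, Cipher.DECRYPT_MODE, kek, readSpec, readCt);
            if (!MessageDigest.isEqual(material, check))
                throw new IllegalStateException("re-encrypted key material failed verification");
            return record;
        } finally {
            Arrays.fill(material, (byte) 0); // do not leave plaintext key material in memory
            Arrays.fill(check, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKey kek = KeyGenerator.getInstance("AES").generateKey(); // constructed sample wrapping key
        byte[] zoneKey = new byte[32], oldIv = new byte[16];           // constructed sample key material
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(zoneKey);
        rng.nextBytes(oldIv);
        byte[] oldCt = crypt(OLD_ALG, Cipher.ENCRYPT_MODE, kek, new IvParameterSpec(oldIv), zoneKey);
        byte[] record = reencryptVerified(oldCt, oldIv, kek);
        System.out.println("verified; safe to store " + record.length + " bytes");
    }
}
```

Verifying against the serialized record rather than the in-memory ciphertext also catches mistakes in how the new parameters are written out, which a plain encrypt-then-decrypt on the same objects would miss.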