[ https://issues.apache.org/jira/browse/RANGER-5239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18009238#comment-18009238 ]
Dhaval Shah commented on RANGER-5239:
-------------------------------------

Merged into apache master : [https://github.com/apache/ranger/commit/6dede819beb5b376f47d6a63258c81a388e0facd]

Thanks

> [KMS] Decrypt and verify before storing newly re-encrypted key material into DB
> ------------------------------------------------------------------------------
>
>                 Key: RANGER-5239
>                 URL: https://issues.apache.org/jira/browse/RANGER-5239
>             Project: Ranger
>          Issue Type: Task
>          Components: kms
>            Reporter: Vikas Kumar
>            Assignee: Vikas Kumar
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> As per the current implementation, during key material re-encryption:
>  * It first gets decrypted using the old algorithm and associated parameters.
>  * And then re-encrypted using the new algorithm.
>  * And finally stored into the DB.
> Here the idea is to add one simple sanity check as follows:
> After re-encryption using the new algorithm, it should be decrypted again using
> the new algorithm, and the decrypted content should be matched with the older
> decrypted material.
> This is not a functional requirement but will ensure that the decrypt operation
> using the new algorithm is also working correctly and returning the same key
> material.
> This should be done for both the Masterkey and all Zone keys.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
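
The decrypt-and-verify step described in the issue above, as an added example that is not part of the original message and is not Ranger's code. The issue does not name the algorithms, so AES/CBC (old) and AES/GCM (new), the class name, and the method names are hypothetical stand-ins.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class ReencryptVerifyExample {
    // Assumed algorithms for illustration only; the issue does not specify them.
    static final String OLD_ALG = "AES/CBC/PKCS5Padding";
    static final String NEW_ALG = "AES/GCM/NoPadding";

    static byte[] crypt(int mode, String alg, SecretKey k, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(alg);
        c.init(mode, k, alg.contains("GCM") ? new GCMParameterSpec(128, iv) : new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    /** Returns the new ciphertext only if it decrypts back to the old plaintext; otherwise throws. */
    static byte[] reencryptVerified(SecretKey oldKek, byte[] oldIv, byte[] oldCt,
                                    SecretKey newKek, byte[] newIv) throws Exception {
        byte[] plain = crypt(Cipher.DECRYPT_MODE, OLD_ALG, oldKek, oldIv, oldCt);     // decrypt with old
        byte[] check = null;
        try {
            byte[] newCt = crypt(Cipher.ENCRYPT_MODE, NEW_ALG, newKek, newIv, plain); // re-encrypt with new
            check = crypt(Cipher.DECRYPT_MODE, NEW_ALG, newKek, newIv, newCt);        // added sanity check
            if (!MessageDigest.isEqual(plain, check)) {
                throw new IllegalStateException("round-trip mismatch; keep the old record");
            }
            return newCt; // the caller writes to the DB only after this point
        } finally {
            Arrays.fill(plain, (byte) 0); // do not leave key material on the heap
            if (check != null) Arrays.fill(check, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey oldKek = kg.generateKey(), newKek = kg.generateKey();
        SecureRandom rnd = new SecureRandom();
        byte[] oldIv = new byte[16], newIv = new byte[12], material = new byte[32]; // constructed sample
        rnd.nextBytes(oldIv); rnd.nextBytes(newIv); rnd.nextBytes(material);
        byte[] oldCt = crypt(Cipher.ENCRYPT_MODE, OLD_ALG, oldKek, oldIv, material);
        byte[] newCt = reencryptVerified(oldKek, oldIv, oldCt, newKek, newIv);
        System.out.println("verified, safe to store " + newCt.length + " bytes");
    }
}
```

Any failure in the new decrypt path, including a GCM tag error, surfaces as an exception before anything is persisted, so the old ciphertext remains the stored copy.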