ggershinsky commented on code in PR #12162:
URL: https://github.com/apache/iceberg/pull/12162#discussion_r1969113128
##########
format/spec.md:
##########
@@ -975,6 +978,23 @@ The unified partition type looks like `Struct<field#1,
field#2, field#3>`.
and then the table has evolved into `spec#1` which has just one field
`{field#2}`.
The unified partition type looks like `Struct<field#1, field#2>`.
+#### Encryption Keys
+
+Encryption keys and metadata required for decrypting the manifest list files
in encrypted tables.
+There are two types of entries:
+1. `key-metadata`: serialized key-metadata of the encrypted manifest list
files. The key-metadata objects include encryption keys and other fields
required to decrypt a file. Since these objects are sensitive, the serialized
key-metadata byte arrays are encrypted by another key. The encryption is done
via the integrity-preserving AES GCM cipher, using the snapshot ID as the AAD
(additional authentication data) parameter. The result of the encryption is
converted to a string via base64 encoding.
+2. `key`: the AES GCM key that encrypts the manifest list key-metadata. Since
these keys are sensitive, they are wrapped/encrypted in a Key Management
Service (KMS), using the table master key. The result of the wrapping is
converted to a string via base64 encoding.
+
+`encryption-keys` field of table metadata is an optional list of structs with
the following fields:
+
+| v1 | v2 | v3 | Field name | Type. |
Description
|
+|----|----|------------|-------------------------|----------|----------------------------------------------------------------------------------------------------------|
+| | | _required_ | **`id`** | `string` | ID of the
encryption key.
|
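Review bot: item 1 of the list names the cipher (AES GCM) and the AAD (the snapshot ID) but does not say how the nonce and authentication tag are laid out in the bytes that get base64-encoded, nor how the snapshot ID is serialized into AAD bytes, so two implementations could follow this text and still fail to decrypt each other's entries. Suggest stating the byte layout and the AAD encoding explicitly in item 1. Separately, the table header reads `Type.` with a stray trailing period.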
Review Comment:
maybe something like `key-id` for less ambiguity
##########
format/spec.md:
##########
@@ -975,6 +978,23 @@ The unified partition type looks like `Struct<field#1,
field#2, field#3>`.
and then the table has evolved into `spec#1` which has just one field
`{field#2}`.
The unified partition type looks like `Struct<field#1, field#2>`.
+#### Encryption Keys
+
+Encryption keys and metadata required for decrypting the manifest list files
in encrypted tables.
+There are two types of entries:
+1. `key-metadata`: serialized key-metadata of the encrypted manifest list
files. The key-metadata objects include encryption keys and other fields
required to decrypt a file. Since these objects are sensitive, the serialized
key-metadata byte arrays are encrypted by another key. The encryption is done
via the integrity-preserving AES GCM cipher, using the snapshot ID as the AAD
(additional authentication data) parameter. The result of the encryption is
converted to a string via base64 encoding.
+2. `key`: the AES GCM key that encrypts the manifest list key-metadata. Since
these keys are sensitive, they are wrapped/encrypted in a Key Management
Service (KMS), using the table master key. The result of the wrapping is
converted to a string via base64 encoding.
+
+`encryption-keys` field of table metadata is an optional list of structs with
the following fields:
+
+| v1 | v2 | v3 | Field name | Type. |
Description
|
+|----|----|------------|-------------------------|----------|----------------------------------------------------------------------------------------------------------|
+| | | _required_ | **`id`** | `string` | ID of the
encryption key.
|
+| | | _required_ | **`type`** | `string` | `key-metadata`
for manifest list encryption key metadata, or `key` for keys that encrypt
`key-metadata`. |
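Review bot: the `type` row gives `key-metadata` and `key` in its description but does not say whether these are the only legal values or what a reader should do with an entry whose `type` it does not recognise. Since the value decides whether the entry is decrypted with the AES GCM key or unwrapped through the KMS, suggest stating the allowed values as a closed set and requiring readers to reject anything else.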
Review Comment:
The implementation shows that we don't need this field, technically. The
keys are simply referenced by a `key-id`.
Wrt human readability, we can infer the type using the `encryption-key-id`
field (it will be filled for a `key-metadata` and empty for a `key`).