[ https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16512222#comment-16512222 ]

Vladimir Ozerov commented on IGNITE-8485:
-----------------------------------------

Hi, [~NIzhikov].

Several preliminary questions around API:
1) Why do we use the master key to encrypt WAL records? I looked through all record 
types marked as "encryptable" and all of them have a cache group ID, i.e. it is 
possible to get CEKs for them. If you replace MEK with CEK here, then it would 
be possible to remove the {{CipherSpi#masterKey}} method.
2) {{CipherSpi#create}} and {{CipherSpi#encryptKey}} are always used near each 
other (2 times each). I would remove the {{CipherSpi#create}} method and modify the API 
as follows:
{code}
byte[] createEncryptedCacheKey();
K decryptCacheKey(byte[] keyBytes);
{code}

What do you think?


> TDE - Phase-1
> -------------
>
>                 Key: IGNITE-8485
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8485
>             Project: Ignite
>          Issue Type: Sub-task
>            Reporter: Nikolay Izhikov
>            Assignee: Nikolay Izhikov
>            Priority: Critical
>             Fix For: 2.6
>
>
> Basic support for Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
