Hi Sitaraman,
A key name can have multiple versions. When you roll a key (via its name),
a new version is created. When you fetch a key via name, you get the
current version. You can also explicitly fetch a particular key version.
I think what you term a "key alias" is the key name.
Regarding FE
Hi Arun,
FileEncryptionInfo has both a getKeyName and a getKeyVersionName. What
distinguishes the concept of keyname and key version?
It appears to me that the keyname is closer to key alias than a key
version. What is key version? Thanks much.
Sitaraman
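
The key name / key version distinction discussed in this thread, as an added example that is not part of any message here and is not Hadoop's own code: a hypothetical in-memory `ToyKMS` shows why file metadata records the key version name alongside the key name, so that an EDEK written before a roll still unwraps after it. The class, its methods, the `name@N` version naming and the SHA-256 keystream (a stand-in for a real cipher) are assumptions of this sketch.

```python
import hashlib
import os

def _stream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher for this sketch (SHA-256 counter keystream), not a real KMS cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class ToyKMS:
    """Hypothetical in-memory key store: one key name, many key versions."""
    def __init__(self):
        self._material = {}  # key version name -> key bytes
        self._current = {}   # key name -> current key version name

    def roll(self, name: str) -> str:
        """Create the key on first use, otherwise add a new version and make it current."""
        count = sum(1 for v in self._material if v.rsplit("@", 1)[0] == name)
        version = f"{name}@{count}"  # assumed naming convention for this model
        self._material[version] = os.urandom(32)
        self._current[name] = version
        return version

    def current(self, name: str) -> str:
        return self._current[name]

    def generate_edek(self, name: str):
        """Wrap a fresh DEK under the current version; return (file metadata, DEK)."""
        version, dek, iv = self._current[name], os.urandom(32), os.urandom(16)
        info = {"keyName": name, "keyVersionName": version, "iv": iv,
                "edek": _stream_xor(self._material[version], iv, dek)}
        return info, dek

    def decrypt_edek(self, info: dict) -> bytes:
        """Unwrap with the version recorded in the metadata, not whatever is current."""
        return _stream_xor(self._material[info["keyVersionName"]], info["iv"], info["edek"])

def demo() -> dict:
    kms = ToyKMS()
    kms.roll("ezkey")
    old_info, old_dek = kms.generate_edek("ezkey")   # file written before rotation
    kms.roll("ezkey")                                # key rotation
    new_info, new_dek = kms.generate_edek("ezkey")   # file written after rotation
    by_name_only = dict(old_info, keyVersionName=kms.current("ezkey"))
    return {"old_version": old_info["keyVersionName"],
            "new_version": new_info["keyVersionName"],
            "old_ok": kms.decrypt_edek(old_info) == old_dek,
            "new_ok": kms.decrypt_edek(new_info) == new_dek,
            "name_only_ok": kms.decrypt_edek(by_name_only) == old_dek}
```

The `name_only_ok` result is the case where only the key name is kept with the file: resolving the name after a roll yields the newer version, and the old EDEK no longer unwraps to the original DEK.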
On Sun, Jun 14, 2015 at 2:07 PM, Sitaram
Hi Arun,
Thanks for your patience. I have a related question. In my application I
need to encrypt/decrypt files
from the map reduce phase and I need to support key rotation. Can I access
the KMS from the map/reduce
phase to retrieve the key material from the key alias which i retrieve from
the Fil
Apologize if I wasn't clear
> Is the EZ key version same as an alias for the key?
yup
> the EDEK along with the EZ key version is stored in the FileInfo
FileInfo contains both EDEK and EZ key version. The FileInfo (you can look
at the *org.apache.hadoop.fs.FileEncryptionInfo* class for more info)