Hi,
I was looking through the documents of End-to-End
Encryption <http://pulsar.apache.org/docs/en/security-encryption> and I have the
following queries, as I haven't completely understood how this works:
1. The public key should be provided to the producer and the private key to the
consumer. In that case, I'm wondering why we have to provide both the public and
private key files to `CryptoKeyReader`, because ideally the producer application
will not have the private key and vice versa. Can someone please share any
information on this?
2. I'm not able to understand the significance of
`addEncryptionKey("my-app")` in the producer builder, because I was able to send a
message and consume it without setting this key at the producer end. Can someone
please help me understand its significance?
3. We are supposed to generate new private and public keys often (at least
once a week due to security policy). In that case, after regenerating both
files, the consumer will not be able to read the old messages from the broker, as
they would have been encrypted with an old public key, or vice versa. Is there a
possibility to add multiple public and private keys so that we can gradually
take down the old keys?
Regards,
Subash Kunjupillai