[HDDS-2015] Encrypt/decrypt key using symmetric key while writing/reading - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.5.0
Component/s: None
Labels:
- pull-request-available

Description

Key Write Path (Encryption)
When a bucket metadata has gdprEnabled=true, we generate the GDPRSymmetricKey and add it to Key Metadata before we create the Key.
This ensures that key is encrypted before writing.

Key Read Path(Decryption)
While reading the Key, we check for gdprEnabled=true and they get the GDPRSymmetricKey based on secret/algorithm as fetched from Key Metadata.
Create a stream to decrypt the key and pass it on to client.

Test
Create Key in GDPR Enabled Bucket -> Read Key -> Verify content is as expected -> Update Key Metadata to remove the gdprEnabled flag -> Read Key -> Confirm the content is not as expected.

Attachments

Issue Links

links to

GitHub Pull Request #1386

Activity

People

Assignee:: Dinesh Chitlangia

Reporter:: Dinesh Chitlangia

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 22/Aug/19 19:11

Updated:: 24/Feb/20 20:50

Resolved:: 06/Sep/19 18:44

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: