Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-10899

Add functionality to re-encrypt EDEKs

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-beta1
    • encryption, kms
    • None

    Description

      Currently when an encryption zone (EZ) key is rotated, it only takes effect on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key rotation, for improved security.

      Attachments

        1. editsStored
          6 kB
          Xiao Chen
        2. HDFS-10899.01.patch
          163 kB
          Xiao Chen
        3. HDFS-10899.02.patch
          119 kB
          Xiao Chen
        4. HDFS-10899.03.patch
          121 kB
          Xiao Chen
        5. HDFS-10899.04.patch
          126 kB
          Xiao Chen
        6. HDFS-10899.05.patch
          133 kB
          Xiao Chen
        7. HDFS-10899.06.patch
          143 kB
          Xiao Chen
        8. HDFS-10899.07.patch
          144 kB
          Xiao Chen
        9. HDFS-10899.08.patch
          147 kB
          Xiao Chen
        10. HDFS-10899.09.patch
          154 kB
          Xiao Chen
        11. HDFS-10899.10.patch
          209 kB
          Xiao Chen
        12. HDFS-10899.10.wip.patch
          160 kB
          Xiao Chen
        13. HDFS-10899.11.patch
          209 kB
          Xiao Chen
        14. HDFS-10899.12.patch
          215 kB
          Xiao Chen
        15. HDFS-10899.13.patch
          227 kB
          Xiao Chen
        16. HDFS-10899.14.patch
          228 kB
          Xiao Chen
        17. HDFS-10899.15.patch
          241 kB
          Xiao Chen
        18. HDFS-10899.16.patch
          242 kB
          Xiao Chen
        19. HDFS-10899.17.patch
          244 kB
          Xiao Chen
        20. HDFS-10899.wip.2.patch
          88 kB
          Xiao Chen
        21. HDFS-10899.wip.patch
          106 kB
          Xiao Chen
        22. Re-encrypt edek design doc.pdf
          117 kB
          Xiao Chen
        23. Re-encrypt edek design doc V2.pdf
          156 kB
          Xiao Chen

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HDFS-12359 Re-encryption should operate with minimum KMS ACL requirements.

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-12383 Re-encryption updater should handle canceled tasks better

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-12518 Re-encryption should handle task cancellation and progress better

          • Major - Major loss of function.
          • Resolved
          depends upon

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-13827 Add reencryptEncryptedKey interface to KMS

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-14705 Add batched interface reencryptEncryptedKeys to KMS

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-11210 Enhance key rolling to guarantee new KeyVersion is returned from generateEncryptedKeys after a key is rolled

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Task - A task that needs to be done. HDFS-11203 Rename support during re-encrypt EDEK

          • Major - Major loss of function.
          • Open
          requires

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-14688 Intern strings in KeyVersion and EncryptedKeyVersion

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              xiaochen Xiao Chen
              xiaochen Xiao Chen
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: