[
https://issues.apache.org/jira/browse/RANGER-5497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vikas Kumar updated RANGER-5497:
--------------------------------
Attachment: RANGER-5497 _ Refactor existing KMS cryptography code and add
support for latest KDF and Ciphers.pdf
> [KMS]: Refactor existing KMS cryptography code and add support for latest KDF
> and Ciphers
> -----------------------------------------------------------------------------------------
>
> Key: RANGER-5497
> URL: https://issues.apache.org/jira/browse/RANGER-5497
> Project: Ranger
> Issue Type: New Feature
> Components: kms
> Reporter: Vikas Kumar
> Assignee: Vikas Kumar
> Priority: Major
> Attachments: RANGER-5497 _ Refactor existing KMS cryptography code
> and add support for latest KDF and Ciphers.pdf
>
>
> Current KMS implementation supports PBEWith<MD>And<Encryption> type of
> algorithms that implicitly decide (based on the underlying SecurityProvider) the
> Key Derivative Function and Cipher transformation algorithms.
> By default, it uses PBEWithMD5AndTripleDES, which is a deprecated and very weak
> algorithm.
> Zonekey has "PBEWithMD5AndTripleDES" hard coded.
> *Expectation from the feature:*
> * Refactor the existing cryptographic logic and put it at one common place
> to improve code maintainability and usability.
> * Make sure AES-256 is being used everywhere by default for Key generation.
> * String algorithms (like following) should be supported irrespective of
> FIPS or Non-FIPS env.
> * Main goal of refactoring is to support latest algorithms like following:
> ** For KDF: PBKDF2WithHmacSHA256
> ** For Cipher Transformation: AES/CTR/NoPadding, AES/CBC/PKCS5Padding,
> AES/GCM/NoPadding
> *Note*: A detailed design document will be available for review soon.
>