smaheshwar-pltr commented on code in PR #12162:
URL: https://github.com/apache/iceberg/pull/12162#discussion_r1966823087
##########
format/spec.md:
##########
@@ -975,6 +978,23 @@ The unified partition type looks like `Struct<field#1,
field#2, field#3>`.
and then the table has evolved into `spec#1` which has just one field
`{field#2}`.
The unified partition type looks like `Struct<field#1, field#2>`.
+#### Encryption Keys
+
+Encryption keys and metadata required for decrypting the manifest list files
in encrypted tables.
+There are two types of entries:
+1. `key-metadata`: serialized key-metadata of the encrypted manifest list
files. The key-metadata objects include encryption keys and other fields
required to decrypt a file. Since these objects are sensitive, the serialized
key-metadata byte arrays are encrypted by another key. The encryption is done
via the integrity-preserving AES GCM cipher, using the snapshot ID as the AAD
(additional authentication data) parameter. The result of the encryption is
converted to a string via base64 encoding.
+2. `key`: the AES GCM key that encrypts the manifest list key-metadata. Since
these keys are sensitive, they are wrapped/encrypted in a Key Management
Service (KMS), using the table master key. The result of the wrapping is
converted to a string via base64 encoding.
+
+`encryption-keys` field of table metadata is an optional list of structs with
the following fields:
+
+| v1 | v2 | v3 | Field name | Type. |
Description
|
+|----|----|------------|-------------------------|----------|----------------------------------------------------------------------------------------------------------|
+| | | _required_ | **`id`** | `string` | ID of the
encryption key.
|
+| | | _required_ | **`type`** | `string` | `key-metadata`
for manifest list encryption key metadata, or `key` for keys that encrypt
`key-metadata`. |
+| | | _required_ | **`key-metadata`**. | `string` | Encrypted
`key-metadata` or wrapped `key`. Base64-encoded.
|
Review Comment:
Maybe `encrypted-payload` or just `payload`? I think this will always be
encrypted (as opposed to the `key_metadata` fields inside manifest lists and
manifests) so perhaps nice to reflect that in the name
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
