[ https://issues.apache.org/jira/browse/KUDU-3448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17703749#comment-17703749 ]
ASF subversion and git services commented on KUDU-3448:
-------------------------------------------------------

Commit 5542d1db30cb67a6b224ae4d4539a4e022856c98 in kudu's branch refs/heads/master from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=5542d1db3 ]

KUDU-3448 Add support for encrypting IPKI keys

This patch introduces a new flag, --ipki_private_key_password_cmd. If
set, Kudu's internal PKI's root CA private key will be encrypted with
the password that is output by the command set with this flag. The key
is encrypted with AES-256-CBC and encoded in PKCS#8 format.

The behavior is similar to --webserver_private_key_password_cmd, which
is used to provide a command to decrypt the webserver certificate's
private key.

Currently, Kudu doesn't support rotating IPKI keys, so this flag can't
be used on existing clusters, and if it was used on the first startup of
a master, it must be used as long as that master exists, it won't be
able to start without it.

Change-Id: I71f2ec856f018d56efbf6901039eed2676fcbe23
Reviewed-on: http://gerrit.cloudera.org:8080/19616
Reviewed-by: Alexey Serbin <ale...@apache.org>
Reviewed-by: Zoltan Chovan <zcho...@cloudera.com>
Tested-by: Kudu Jenkins


> Store IPKI and TSK key material encrypted
> -----------------------------------------
>
>                 Key: KUDU-3448
>                 URL: https://issues.apache.org/jira/browse/KUDU-3448
>             Project: Kudu
>          Issue Type: Improvement
>            Reporter: Attila Bukor
>            Assignee: Attila Bukor
>            Priority: Critical
>              Labels: security
>
> Key material for IPKI TLS and TSK should be stored on disk securely, even
> when user data is not encrypted. The symmetric encryption key should be
> derived from a password using PBKDF2 which is a FIPS-approved KDF. The
> masters should have a flag that expects a command which outputs the password
> (similar to --webserver_private_key_password_cmd), that way the users
> can integrate with a HSM or choose another way to provide the password
> securely without storing it on a disk.
> Generating new keys or encrypting existing key material is outside the scope
> of this ticket.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)