[ https://issues.apache.org/jira/browse/KUDU-3448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17726468#comment-17726468 ]
ASF subversion and git services commented on KUDU-3448:
-------------------------------------------------------

Commit 3aeb9139992eab62160b85bb1e51d44301549569 in kudu's branch refs/heads/master from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=3aeb91399 ]

KUDU-3448 Add support for encrypting TSKs

In a previous patch, support for encrypting IPKI root CA private keys
has been added. This is a follow up patch, to add encryption support for
token signing keys as well.

It is controlled by a new flag: --tsk_private_key_password_cmd. If this
flag is set, the token signing keys will be stored in the syscatalog
table in encrypted form (AES-256-CBC with PKCS#8 encoding).

Token signing keys rotate automatically in Kudu, but for now, at least,
encryption of TSKs can't be turned on or off on an existing master, so
if this flag is set on the first startup of a master, it must be set to
a command that outputs the same password as on initialization, and vice
versa, it must not be provided on later master startups if it wasn't
provided on initialization.

Change-Id: Id8d770de7ed824cfc725003bbe77f1e42629029b
Reviewed-on: http://gerrit.cloudera.org:8080/19617
Tested-by: Attila Bukor <abu...@apache.org>
Reviewed-by: Alexey Serbin <ale...@apache.org>


> Store IPKI and TSK key material encrypted
> -----------------------------------------
>
>                 Key: KUDU-3448
>                 URL: https://issues.apache.org/jira/browse/KUDU-3448
>             Project: Kudu
>          Issue Type: Improvement
>            Reporter: Attila Bukor
>            Assignee: Attila Bukor
>            Priority: Critical
>              Labels: security
>
> Key material for IPKI TLS and TSK should be stored on disk securely, even
> when user data is not encrypted. The symmetric encryption key should be
> derived from a password using PBKDF2 which is a FIPS-approved KDF. The
> masters should have a flag that expects a command which outputs the password
> (similar to {{--webserver_private_key_password_cmd}}), that way the users
> can integrate with a HSM or choose another way to provide the password
> securely without storing it on a disk.
> Generating new keys or encrypting existing key material is outside the scope
> of this ticket.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
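The storage format and the same-password constraint described in the commit message above, as an added shell example using the openssl CLI (not Kudu code and not part of the commit). The key type, file names, helper functions and both passwords are constructed for illustration; `password_cmd` stands in for whatever command is passed to `--tsk_private_key_password_cmd`.

```shell
#!/bin/sh
# Added illustration, not Kudu code. Requires the openssl CLI.
# File names, function names and passwords are constructed sample values.

WORK=$(mktemp -d)

# Stand-ins for a password command: each prints a password on stdout.
password_cmd()       { printf '%s\n' 'constructed-sample-password'; }
wrong_password_cmd() { printf '%s\n' 'a-different-password'; }

# Generate a sample key and store it as encrypted PKCS#8
# (PBES2: key derived with PBKDF2, content encrypted with AES-256-CBC).
# The password goes over stdin, so it is never in argv or on disk.
encrypt_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/plain.pem" 2>/dev/null &&
  password_cmd | openssl pkcs8 -topk8 -v2 aes-256-cbc \
    -in "$WORK/plain.pem" -out "$WORK/enc.pem" -passout stdin &&
  rm -f "$WORK/plain.pem"
}

# The PEM label tells an operator whether the stored form is encrypted.
is_encrypted() {
  head -n 1 "$WORK/enc.pem" | grep -q 'BEGIN ENCRYPTED PRIVATE KEY'
}

# Print the scheme, KDF and cipher recorded in the PKCS#8 structure.
scheme() {
  openssl asn1parse -in "$WORK/enc.pem" |
    grep -oE 'PBES2|PBKDF2|aes-256-cbc' | tr '\n' ' '
}

# Try to decrypt the stored key with the password printed by command $1.
# Returns non-zero when the password does not match the one used to encrypt.
load_key() {
  "$1" | openssl pkey -in "$WORK/enc.pem" -passin stdin -noout 2>/dev/null
}

encrypt_key
is_encrypted && echo "stored form: encrypted PKCS#8 ( $(scheme))"
load_key password_cmd && echo "same password: key loads"
load_key wrong_password_cmd || echo "different password: key does not load"
```

A password command that starts returning a different value after initialization makes the stored key unreadable, which is the operational risk behind the requirement that the command output the same password on every startup.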