Posted to user@ranger.apache.org by Walter Bogaardt <wb...@gmail.com> on 2019/04/16 16:23:55 UTC

Ranger KMS 256 byte keys

I'm trying to use a Material for a Ranger KMS 256 byte key (using the
default AES/CTR/NoPadding). The material is 43 bytes long, which I am
unable to base64 decode. As well, the IV is 22 bytes. My plan is to
use KMS for UDF field level encryption/decryption.

With materials for 128 byte encryption everything seems to work. How is the
256 byte key being created? It seems it doesn't have the right length. I
have JCE unlimited installed both on servers and client.

Any documentation or unit tests I'm finding are centered around 128 byte
keys.
Walter Bogaardt

<https://www.linkedin.com/pub/walter-bogaardt/1/130/884>

Re: Ranger KMS 256 byte keys

Posted by Walter Bogaardt <wb...@gmail.com>.
Found the issue. The key issue is that, when using Ranger KMS, a material is
encoded and decoded using the Apache Commons Base64 library, which has a
different implementation from the Java Util library. So you can resolve this
using the Apache Commons Base64 library and then everything works fine. This
is because this library doesn't use or return padding.

On the flip side, if there are Python users and you're using Python libraries,
you will have to add padding like (=) to the material; then you can use the
standard base64 decode urlsafe_b64decode.

The Apache Commons library implements RFC 2045, versus Python, which uses
RFC 3548.


Walter Bogaardt






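Added example (not part of the original posts and not Ranger code): the Python approach described in the reply above, restoring the '=' padding on a 43-character material and 22-character IV before decoding them as URL-safe Base64, then checking the decoded lengths. The function names and the sample values are constructed for illustration.

```python
import base64
import binascii

AES_KEY_SIZES = (16, 24, 32)  # valid AES key lengths in bytes
AES_BLOCK_SIZE = 16           # IV length in bytes for AES/CTR


def decode_unpadded_urlsafe(text: str) -> bytes:
    """Decode URL-safe Base64 text that was emitted without '=' padding."""
    text = text.strip()
    if len(text) % 4 == 1:
        # No byte string encodes to 4n+1 characters, so the text is truncated.
        raise ValueError("invalid Base64 length %d" % len(text))
    padded = text + "=" * (-len(text) % 4)  # pad up to a multiple of 4
    try:
        # altchars maps '-' and '_' back to '+' and '/'; validate=True makes
        # characters outside the Base64 alphabet an error instead of skipping.
        return base64.b64decode(padded, altchars=b"-_", validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid Base64: %s" % exc) from exc


def load_key_and_iv(material: str, iv: str):
    """Decode material and IV, rejecting lengths AES/CTR cannot use."""
    key = decode_unpadded_urlsafe(material)
    iv_bytes = decode_unpadded_urlsafe(iv)
    if len(key) not in AES_KEY_SIZES:
        raise ValueError("unexpected key length: %d bytes" % len(key))
    if len(iv_bytes) != AES_BLOCK_SIZE:
        raise ValueError("unexpected IV length: %d bytes" % len(iv_bytes))
    return key, iv_bytes


def sample_values():
    """Constructed sample values (not real key material), unpadded."""
    material = base64.urlsafe_b64encode(bytes(range(32))).rstrip(b"=").decode()
    iv = base64.urlsafe_b64encode(bytes(16)).rstrip(b"=").decode()
    return material, iv


if __name__ == "__main__":
    material, iv = sample_values()
    print(len(material), "chars of material,", len(iv), "chars of IV")
    key, iv_bytes = load_key_and_iv(material, iv)
    print(len(key), "byte key,", len(iv_bytes), "byte IV")
```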