You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@pulsar.apache.org by Subash K <su...@ericsson.com> on 2020/04/25 10:55:40 UTC

Clarification on End-to-End Encryption

Hi,

I was looking through the documents of End-to-End Encryption<http://pulsar.apache.org/docs/en/security-encryption> and I'm having following queries as I haven't completely understood how this works:


  1.  Public key should be provided to Producer and private key to Consumer. In that case, I'm wondering why we have to provide both Public and Private key file to CryptoKeyReader . Because ideally the producer application will not have the private key and vice-versa. Can someone please share any information on this?
  2.  I'm not able to understand the significance of `addEncryptionKey("my-app")` in producer builder. Because I was able to send a message and consume it without setting this key at producer end. Can someone please help me in understanding its significance?
  3.  We are supposed to generate new private and public key often (at least once in a week due to security policy). In that case, after regenerating both files, consumer will not be able to read the old messages from Broker as it would have been encrypted by an old public key or vice-versa. Is there a possibility to add multiple Public and Private keys so that, we can gradually take down the old keys?

Regards,
Subash Kunjupillai

RE: Clarification on End-to-End Encryption

Posted by Subash K <su...@ericsson.com>.
Thanks Sijie, I’ll create issue for both soon.

Regards,
Subash Kunjupillai

From: Sijie Guo <gu...@gmail.com>
Sent: Wednesday, June 10, 2020 11:27 AM
To: users@pulsar.apache.org
Subject: Re: Clarification on End-to-End Encryption

Subash,

Comments inline.

On Sat, Apr 25, 2020 at 3:55 AM Subash K <su...@ericsson.com>> wrote:
Hi,

I was looking through the documents of End-to-End Encryption<http://pulsar.apache.org/docs/en/security-encryption> and I’m having following queries as I haven’t completely understood how this works:


  1.  Public key should be provided to Producer and private key to Consumer. In that case, I’m wondering why we have to provide both Public and Private key file to CryptoKeyReader . Because ideally the producer application will not have the private key and vice-versa. Can someone please share any information on this?

Yes. Your understanding is correct. Ideally we should have a separate interface for producer and consumer. Can you help create an issue for that?



  1.
  2.  I’m not able to understand the significance of `addEncryptionKey("my-app")` in producer builder. Because I was able to send a message and consume it without setting this key at producer end. Can someone please help me in understanding its significance?
  3.  We are supposed to generate new private and public key often (at least once in a week due to security policy). In that case, after regenerating both files, consumer will not be able to read the old messages from Broker as it would have been encrypted by an old public key or vice-versa. Is there a possibility to add multiple Public and Private keys so that, we can gradually take down the old keys?
This sounds like a good feature to consider. Can you add an issue for that?


  1.

Regards,
Subash Kunjupillai

Re: Clarification on End-to-End Encryption

Posted by Sijie Guo <gu...@gmail.com>.
Subash,

Comments inline.

On Sat, Apr 25, 2020 at 3:55 AM Subash K <su...@ericsson.com> wrote:

> Hi,
>
>
>
> I was looking through the documents of End-to-End Encryption
> <http://pulsar.apache.org/docs/en/security-encryption> and I’m having
> following queries as I haven’t completely understood how this works:
>
>
>
>    1. Public key should be provided to Producer and private key to
>    Consumer. In that case, I’m wondering why we have to provide both Public
>    and Private key file to CryptoKeyReader . Because ideally the producer
>    application will not have the private key and vice-versa. Can someone
>    please share any information on this?
>
>
Yes. Your understanding is correct. Ideally we should have a separate
interface for producer and consumer. Can you help create an issue for that?



>
>    1.
>    2. I’m not able to understand the significance of `
>    addEncryptionKey("my-*app*")` in producer builder. Because I was able
>    to send a message and consume it without setting this key at producer end.
>    Can someone please help me in understanding its significance?
>    3. We are supposed to generate new private and public key often (at
>    least once in a week due to security policy). In that case, after
>    regenerating both files, consumer will not be able to read the old messages
>    from Broker as it would have been encrypted by an old public key or
>    vice-versa. Is there a possibility to add multiple Public and Private keys
>    so that, we can gradually take down the old keys?
>
> This sounds like a good feature to consider. Can you add an issue for that?


>
>    1.
>
>
>
> Regards,
>
> Subash Kunjupillai
>
>
>