0001 // Licensed to the Apache Software Foundation (ASF) under one 0002 // or more contributor license agreements. See the NOTICE file 0003 // distributed with this work for additional information 0004 // regarding copyright ownership. The ASF licenses this file 0005 // to you under the Apache License, Version 2.0 (the 0006 // "License"); you may not use this file except in compliance 0007 // with the License. You may obtain a copy of the License at 0008 // 0009 // http://www.apache.org/licenses/LICENSE-2.0 0010 // 0011 // Unless required by applicable law or agreed to in writing, 0012 // software distributed under the License is distributed on an 0013 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 0014 // KIND, either express or implied. See the License for the 0015 // specific language governing permissions and limitations 0016 // under the License. 0017 0018 #pragma once 0019 0020 #include <cstdint> 0021 #include <vector> 0022 0023 #include "arrow/util/base64.h" 0024 #include "arrow/util/secure_string.h" 0025 0026 namespace parquet::encryption { 0027 0028 // In the double wrapping mode, each "data encryption key" (DEK) is encrypted with a “key 0029 // encryption key” (KEK), that in turn is encrypted with a "master encryption key" (MEK). 0030 // In a writer process, a random KEK is generated for each MEK ID, and cached in a <MEK-ID 0031 // : KEK> map. This allows to perform an interaction with a KMS server only once for each 0032 // MEK, in order to wrap its KEK. "Data encryption key" (DEK) wrapping is performed 0033 // locally, and does not involve an interaction with a KMS server. 
// Value holder for one key encryption key (KEK): the key bytes, the KEK identifier in
// raw and base64 form, and the wrapped KEK string supplied by the caller. The class
// exposes read-only accessors only; nothing here performs wrapping or talks to a KMS.
//
// Security notes for callers:
//  - kek_bytes() exposes the KEK itself. Keep it in ::arrow::util::SecureString and do
//    not copy it into std::string, log it, or serialize it.
//  - The class is implicitly copyable, so every copy carries its own copy of the KEK
//    bytes; pass by reference where a copy is not needed.
//  - NOTE(review): encoded_wrapped_kek is presumably the base64 form of the KEK wrapped
//    with the MEK. It is stored exactly as given, so confirm against the caller.
class KeyEncryptionKey {
 public:
  // Takes ownership of all three arguments by moving them into the members.
  //
  // kek_bytes:            the KEK key material.
  // kek_id:               identifier of this KEK; its base64 encoding is computed once
  //                       here and cached.
  // encoded_wrapped_kek:  stored verbatim, never decoded or validated by this class.
  KeyEncryptionKey(::arrow::util::SecureString kek_bytes, std::string kek_id,
                   std::string encoded_wrapped_kek)
      : kek_bytes_(std::move(kek_bytes)),
        kek_id_(std::move(kek_id)),
        // Encode from the member kek_id_, not the moved-from parameter kek_id. This
        // relies on kek_id_ being declared before encoded_kek_id_ below.
        encoded_kek_id_(::arrow::util::base64_encode(kek_id_)),
        encoded_wrapped_kek_(std::move(encoded_wrapped_kek)) {}

  // The KEK key material; the reference is valid for the lifetime of this object.
  const ::arrow::util::SecureString& kek_bytes() const {
    return kek_bytes_;
  }

  // The KEK identifier as passed to the constructor.
  const std::string& kek_id() const {
    return kek_id_;
  }

  // Base64 encoding of kek_id(), computed at construction.
  const std::string& encoded_kek_id() const {
    return encoded_kek_id_;
  }

  // The wrapped-KEK string as passed to the constructor.
  const std::string& encoded_wrapped_kek() const {
    return encoded_wrapped_kek_;
  }

 private:
  // Declaration order matters: kek_id_ must precede encoded_kek_id_, because the
  // constructor derives the latter from the former.
  ::arrow::util::SecureString kek_bytes_;
  std::string kek_id_;
  std::string encoded_kek_id_;
  std::string encoded_wrapped_kek_;
};

}  // namespace parquet::encryption