[Glass] Some basic internal questions about Encryption

Bruno Buzzi Brassesco bruno.brasesco at gmail.com
Thu May 13 11:00:53 PDT 2021


Each extent and tranlog has it's own (symmetric) session key, stored in the
> file in encrypted format.
> Each session keys for each extent and tranlog is (asymetric) encrypted
> with the same public key and (asymetric) decrypted with the same private
> key (the private key used to start the stone).
> So you only need 1 public/private key pair to access any extent or
> tranlog, but the session key for each extent or tranlog is different.

This clarifies all my doubts. Consider adding these sentences to
SysAdminGuide :)


El jue, 13 may 2021 a las 14:07, Bruno Buzzi Brassesco (<
bruno.brasesco at gmail.com>) escribió:

> Hi,
> After reading the SysAdminGuide on encryption I have a couple of questions
> to clarify some concepts:
> 1) Are Tranlogs encrypted with the same key passed as argument to
> startstone ?
> (I think not, from manual:"Transaction logs written by a Stone using
> encrypted extents are written in encrypted form, using the same keypair as
> the extents.")
> Maybe my confusion is with the Sessions keys of each extent...
> 2) If there are multiple extents then which key pair is used to encrypt
> the tranlog ?
> (because each extent has it own key, from manual: "Each extent has its own
> unique session key.")
> regards,
> bruno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gemtalksystems.com/mailman/private/glass/attachments/20210513/176d00c7/attachment.htm>

More information about the Glass mailing list