1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing,
12 // software distributed under the License is distributed on an
13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14 // KIND, either express or implied. See the License for the
15 // specific language governing permissions and limitations
23 #include "arrow/util/base64.h"
26 namespace encryption
{
// In the double wrapping mode, each "data encryption key" (DEK) is encrypted with a
// "key encryption key" (KEK), which in turn is encrypted with a "master encryption key"
// (MEK). In a writer process, a random KEK is generated for each MEK ID and cached in a
// <MEK-ID : KEK> map. This means the writer needs to interact with the KMS server only
// once per MEK, in order to wrap its KEK. DEK wrapping is performed locally and does
// not involve an interaction with a KMS server.
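/// \brief A key encryption key (KEK) bundled with its identifier and its wrapped form.
///
/// Instances carry four strings: the KEK bytes, the KEK identifier, the base64
/// encoding of that identifier (computed once in the constructor), and the encoded
/// wrapped KEK supplied by the caller.
///
/// NOTE(review): kek_bytes_ is key material held in a plain std::string. std::string
/// does not wipe its buffer on destruction or reallocation, and every copy of this
/// object duplicates the key in memory. Keep instances short-lived, avoid copying
/// them, and never log or persist the value returned by kek_bytes(). Of the four
/// fields, only the wrapped form is protected by another key.
class KeyEncryptionKey {
 public:
  /// \param kek_bytes the KEK bytes (sensitive key material)
  /// \param kek_id identifier of this KEK; its base64 encoding is derived here
  /// \param encoded_wrapped_kek the wrapped KEK, already encoded by the caller
  KeyEncryptionKey(std::string kek_bytes, std::string kek_id,
                   std::string encoded_wrapped_kek)
      : kek_bytes_(std::move(kek_bytes)),
        kek_id_(std::move(kek_id)),
        // Reads the member kek_id_, not the moved-from parameter; this relies on
        // kek_id_ being declared before encoded_kek_id_ (see member order below).
        encoded_kek_id_(::arrow::util::base64_encode(kek_id_)),
        encoded_wrapped_kek_(std::move(encoded_wrapped_kek)) {}

  /// \return a reference to the KEK bytes. Sensitive: do not log, serialize, or
  /// retain the reference beyond the lifetime of this object.
  const std::string& kek_bytes() const { return kek_bytes_; }

  /// \return the KEK identifier as passed to the constructor.
  const std::string& kek_id() const { return kek_id_; }

  /// \return the base64 encoding of the KEK identifier.
  const std::string& encoded_kek_id() const { return encoded_kek_id_; }

  /// \return the encoded wrapped KEK as passed to the constructor.
  const std::string& encoded_wrapped_kek() const { return encoded_wrapped_kek_; }

 private:
  // Members are initialized in declaration order, so kek_id_ must stay ahead of
  // encoded_kek_id_, which is computed from it in the constructor.
  std::string kek_bytes_;  // sensitive key material, not zeroized on destruction
  std::string kek_id_;
  std::string encoded_kek_id_;
  std::string encoded_wrapped_kek_;
};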
58 } // namespace encryption
59 } // namespace parquet