Fixed Issues in Ranger KMS
Review the list of Ranger KMS issues that are resolved in CDP Private Cloud Base 7.3.1.
- OPSAPS-70657: KEYTRUSTEE_SERVER & RANGER_KMS_KTS migration to RANGER_KMS from CDP 7.1.x to UCL
- KEYTRUSTEE_SERVER and RANGER_KMS_KTS services are not supported starting from the CDP 7.3.1.0 release. Therefore added validation and confirmation messages to the CM upgrade wizard to alert the user to migrate KEYTRUSTEE_SERVER keys to RANGER_KMS before upgrading to CDP 7.3.1.0 release.
- OPSAPS-70656: Remove KEYTRUSTEE_SERVER & RANGER_KMS_KTS from CM for UCL
- The Keytrustee components - KEYTRUSTEE_SERVER and RANGER_KMS_KTS services are not supported starting from the CDP 7.3.1.0 release. These services cannot be installed or managed with CM 7.13.1.0 using CDP 7.3.1.0.
- CDPD-19186: Replacement of algorithm PBEWithMD5AndTripleDES for Ranger KMS key operations
- Support for PBKDF2WithHmacSHA256 is added in KMS.
Code to decrypt the Masterkey and all Zonekeys using the older algorithm and then re-encrypt it using the latest algorithm is implemented.