<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Mbj</id>
		<title>OpenStack - User contributions [en]</title>
		<link rel="self" type="application/atom+xml" href="https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Mbj"/>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/wiki/Special:Contributions/Mbj"/>
		<updated>2026-07-04T17:29:09Z</updated>
		<subtitle>User contributions</subtitle>
		<generator>MediaWiki 1.28.2</generator>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Swift/ideas/keymaster_v2&amp;diff=136968</id>
		<title>Swift/ideas/keymaster v2</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Swift/ideas/keymaster_v2&amp;diff=136968"/>
				<updated>2016-11-01T08:41:52Z</updated>
		
		<summary type="html">&lt;p&gt;Mbj: Added feedback from Barcelona summit design discussion&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Keymaster v2 =&lt;br /&gt;
&lt;br /&gt;
The original keymaster uses a single root encryption secret stored in the proxy server configuration file to generate keys for the accounts, containers and objects, based on the path to the account/container/object.&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Summary of features to be added to the keymaster ==&lt;br /&gt;
&lt;br /&gt;
This design aims to add the following features to the keymaster:&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Support multiple root encryption keys ===&lt;br /&gt;
&lt;br /&gt;
Supporting multiple root encryption keys includes:&lt;br /&gt;
&lt;br /&gt;
* Ability to switch to a new root encryption key for encrypting new objects&lt;br /&gt;
* Do not implement re-keying/re-wrapping of existing data, but&lt;br /&gt;
* Design and implement changes in a way that would allow for re-keying later&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Support root encryption keys stored in an external key management server ===&lt;br /&gt;
&lt;br /&gt;
* In practice, a Barbican server accessed using the Castellan library&lt;br /&gt;
* Implementation and tests structured such that someone who does not want Barbican, does not need to install dependencies (e.g., oslo)&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Support multiple instances of key servers ===&lt;br /&gt;
&lt;br /&gt;
* Multiple locations for locally stored root secrets&lt;br /&gt;
* Multiple external Barbican servers&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== System Model ==&lt;br /&gt;
&lt;br /&gt;
[[File:Swift Encryption KeyMaster v2-system model.png|none|left|System model]]&lt;br /&gt;
&lt;br /&gt;
The assumptions regarding the swift storage system are as follows:&lt;br /&gt;
&lt;br /&gt;
* Current Swift administrator is trusted&lt;br /&gt;
* Encryption key storage is trusted and securely erasable, e.g., a key management server backed by an HSM, or removable storage plugged into proxy server&lt;br /&gt;
* Servers (proxy, account, container, object) are trusted, including the processes running in the servers, memory&lt;br /&gt;
* All storage is untrusted&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Attack scenarios ===&lt;br /&gt;
&lt;br /&gt;
The following attack scenarios are considered and protected against:&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Gaining access to decommissioned disks from proxy, account, container, object servers:&lt;br /&gt;
* Encryption keys stored wrapped in the metadata, data not accessible&lt;br /&gt;
* Brute-forcing the encryption keys takes a long time&lt;br /&gt;
* Key rotation can reduce exposure in case a key is brute-forced&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Attacker is a former Swift admin with key server credentials, attempts to access keys by connecting to the key management server:&lt;br /&gt;
* Credential rotation when personnel changes limits access to keys&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The following threats are not protected against:&lt;br /&gt;
* Malicious Swift admin&lt;br /&gt;
* Attacker gaining administrator access to Swift servers, in addition to the storage&lt;br /&gt;
&lt;br /&gt;
== Motivation ==&lt;br /&gt;
&lt;br /&gt;
The current inability to rotate keys is a limitation&lt;br /&gt;
* PCI DSS requirements state that keys should be rotated every time someone with knowledge of the keys leaves or changes position&lt;br /&gt;
* NIST SP 800-57 says symmetric key encryption keys can have crypto periods up to two years, or as short as a day or a week, depending on the number of keys that are encrypted&lt;br /&gt;
* Also rotate credentials for accessing keys&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
For secure, cryptographic deletion, the key(s) to be rotated should be the ones stored on securely erasable media:&lt;br /&gt;
* Removable local media&lt;br /&gt;
* External key management server (Barbican)&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Re-wrapping of old keys could be deferred, since re-wrapping is technically challenging:&lt;br /&gt;
* As long as we only use a key to encrypt/wrap for a limited amount of time, we can still decrypt for a while before the key needs to be rewrapped&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Storing root secret in local storage on proxy server is not great:&lt;br /&gt;
* Pointer to separate config file from proxy-server.conf allows for storing root secret on external media&lt;br /&gt;
* Separating key material from rest of config info might make sense, but leads to yet another indirection&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Client-managed / bring your own keys:&lt;br /&gt;
* Keys on different local media, different external key management servers&lt;br /&gt;
* Local media for regular users, HSM-backed Barbican for premium users&lt;br /&gt;
* Client-managed Barbican server per account&lt;br /&gt;
&lt;br /&gt;
== Details on new features ==&lt;br /&gt;
&lt;br /&gt;
=== Support multiple root encryption keys ===&lt;br /&gt;
&lt;br /&gt;
To support multiple root encryption keys, the following is needed:&lt;br /&gt;
* Multiple root encryption keys, e.g., in external key management server; in local configuration file, or; a combination of the two&lt;br /&gt;
* Pointer to the current root encryption key to be used to encryption new data&lt;br /&gt;
* Pointer to a default root encryption key to be used to decrypt data that does not indicate which key should be used; this is needed for backwards compatibility with current implementation&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The following changes would be made in how the keymaster is configured in keymaster.conf:&lt;br /&gt;
&amp;lt;pre&amp;gt;[keymaster]&lt;br /&gt;
current_root_secret=key3&lt;br /&gt;
default_root_secret=key1&lt;br /&gt;
&lt;br /&gt;
root_secrets=key1,key2,key3&lt;br /&gt;
&lt;br /&gt;
[key1]&lt;br /&gt;
key_material=d2qkoer+g4S+s2tbt1ZKJl9EfMUyMfT9BNdIXU2HI2s=&lt;br /&gt;
&lt;br /&gt;
[key2]&lt;br /&gt;
key_material=3uVi489y9sL2GHHzqNgzJk2f0BnIFIC0SQFuvkdElBY=&lt;br /&gt;
&lt;br /&gt;
[key3]&lt;br /&gt;
key_material=IIQf3dasef1tiqqXUIOYBP/1HKqPiP6V67JKyr8JYqo=&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The metadata would look like this:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: root_secret_id&amp;quot;}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Where:&lt;br /&gt;
* ''root_secret_id'' is the ID of one of the keys configured in keymaster.conf, e.g., “key3”&lt;br /&gt;
&lt;br /&gt;
=== Support root encryption keys stored on external key management system ===&lt;br /&gt;
&lt;br /&gt;
The configuration of external key management system needs the following parameters:&lt;br /&gt;
* Username, password, other credentials&lt;br /&gt;
* Barbican server host, port&lt;br /&gt;
* Keystone server host, port&lt;br /&gt;
* etc&lt;br /&gt;
&lt;br /&gt;
The above could be configured in keymaster.conf as follows:&lt;br /&gt;
&amp;lt;pre&amp;gt;[keymaster]&lt;br /&gt;
external_key_server=barbicanserver1&lt;br /&gt;
current_root_secret=barbican_key3&lt;br /&gt;
default_root_secret=barbican_key1&lt;br /&gt;
&lt;br /&gt;
root_secrets=barbican_key1,barbican_key2,barbican_key3&lt;br /&gt;
&lt;br /&gt;
[barbicanserver1]&lt;br /&gt;
server_type = barbican&lt;br /&gt;
barbican_username = swift&lt;br /&gt;
barbican_password = swift&lt;br /&gt;
barbican_project_name = service&lt;br /&gt;
barbican_auth_url = http://192.168.50.11:5000/v3&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The configurations would be referenced in metadata as follows:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: root_secret_id}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Where:&lt;br /&gt;
* ''root_secret_id'' is the ID of one of the keys configured in keymaster.conf, e.g., “key3”&lt;br /&gt;
&lt;br /&gt;
The metadata-changes are the same as before, but keymaster needs to know that ''root_secret_id'' is in Barbican, and not in local storage&lt;br /&gt;
&lt;br /&gt;
=== Support multiple instances of key servers ===&lt;br /&gt;
&lt;br /&gt;
Needed:&lt;br /&gt;
* Separation of configuration for servers and keys&lt;br /&gt;
* Configuration and metadata needs to point to &amp;lt;server,key&amp;gt; tuple&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The changes to how keys are referenced in keymaster.conf:&lt;br /&gt;
&amp;lt;pre&amp;gt;[keymaster]&lt;br /&gt;
key_servers=barbicanserver1,localfile1&lt;br /&gt;
current_root_secret=barbicanserver1:key3&lt;br /&gt;
default_root_secret=localfile1:key1&lt;br /&gt;
&lt;br /&gt;
[localfile1]&lt;br /&gt;
server_type = localfile&lt;br /&gt;
key_file = /mnt/usb1/swift_keys1.conf&lt;br /&gt;
&lt;br /&gt;
[barbicanserver1]&lt;br /&gt;
server_type = barbican&lt;br /&gt;
barbican_username = swift&lt;br /&gt;
barbican_password = swift&lt;br /&gt;
barbican_project_name = service&lt;br /&gt;
barbican_auth_url = http://192.168.50.11:5000/v3&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The local keys would be specified as follows in e.g., /mnt/usb1/swift_keys.conf:&lt;br /&gt;
&amp;lt;pre&amp;gt;[key1]&lt;br /&gt;
key_material=d2qkoer+g4S+s2tbt1ZKJl9EfMUyMfT9BNdIXU2HI2s=&lt;br /&gt;
&lt;br /&gt;
[key2]&lt;br /&gt;
key_material=3uVi489y9sL2GHHzqNgzJk2f0BnIFIC0SQFuvkdElBY=&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The metadata changes would look like this:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: server_id:root_secret_id}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Where:&lt;br /&gt;
* ''root_secret_id'' is the ID of one of the keys configured in keymaster.conf, e.g., “key3”&lt;br /&gt;
* ''server_id'' is one of the servers defined in keymaster.conf, e.g., “barbicanserver1”&lt;br /&gt;
&lt;br /&gt;
== Future Work ==&lt;br /&gt;
&lt;br /&gt;
Rotate existing keys:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: server_id:root_secret_id}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
* Point to new ''server_id:root_secret_id''&lt;br /&gt;
* Replace ''wrapped_body_key'' with the existing body_key, wrapped with the new root key&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Challenges include eventual consistency, when old key can be deleted&lt;br /&gt;
&lt;br /&gt;
== Barcelona Summit Feedback ==&lt;br /&gt;
&lt;br /&gt;
* Storing the root encryption key on removable media (and removing it after the proxy server has been started) is not advised, since the proxy server may restart/be restarted at any time.&lt;br /&gt;
* Look into using Hashicorp Vault for talking to external key management systems (e.g., AWS) and for auditing key access&lt;br /&gt;
* Concerns regarding storing additional information (e.g., key unique identifier and server identifier) in object metadata. An alternative would be to have keys per epoch, and maintain an epoch-to-key mapping in the keymaster, so lookups can be performed to find the key to use based on the creation time of an object.&lt;br /&gt;
* Storing a key ID in the object metadata could be avoided by storing a wrapped random, immutable key in the container, and use that to derive the object key. Alternatively, the immutable key could be at account level, with the container and object keys being derived from that, similarly to how a/c/o keys are being derived from the root secret now. With these approaches, the benefits from key rotation would be greater than simply rotating the root secret, but key rotation at only account, or account and container level would be more manageable than rewrapping the object keys (just the object key encryption keys, never the body keys used to encrypt the actual object data).&lt;br /&gt;
* Concerns about conditionally importing the castellan/barbican modules in a function in the existing keymaster; an alternative approach would be to have a separate, new keymaster.&lt;br /&gt;
* If adopting a bring-your-own-key (BYOK) approach similar to the one used by Amazon, what happens if the client does not provide a key, but the Swift proxy server has encryption enabled? In this case, we should either use the cluster key to encrypt, or we should always encrypt with the cluster key, and if a BYOK is provided, then there would be two layers of encryption.&lt;br /&gt;
* If no account or container key exists, and two clients create the account/container key at once (on different proxy servers), we need to be able to store both keys, since we may end up with one object encrypted with one key (or a key derived from one key), and another object encrypted with another key.&lt;br /&gt;
* Do not add support for only add new, rotated keys, without at the same time adding support for cleaning up and removing no longer used keys.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Contact: mathiasb on IRC.&lt;/div&gt;</summary>
		<author><name>Mbj</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Swift/ideas&amp;diff=135162</id>
		<title>Swift/ideas</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Swift/ideas&amp;diff=135162"/>
				<updated>2016-10-19T14:05:37Z</updated>
		
		<summary type="html">&lt;p&gt;Mbj: Adding link to keymaster v2 page&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Ideas for OpenStack Swift =&lt;br /&gt;
&lt;br /&gt;
This page is a collection of &amp;quot;brain dumps&amp;quot; for ideas about features in OpenStack Swift. If you're working on something, it's a very good idea to write down what you're thinking about. This lets others get up to speed, helps you collaborate, and serves as a great record for future reference. Write down your thoughts somewhere and put a link to it here. It doesn't matter what form your thoughts are in; use whatever is best for you. Your document should include why your idea is needed and your thoughts on particular design choices and tradeoffs. Please include some contact information (ideally, your IRC nick) so that people can collaborate with you.&lt;br /&gt;
&lt;br /&gt;
''Historic &amp;quot;specs&amp;quot; are available at https://specs.openstack.org/openstack/swift-specs/''&lt;br /&gt;
&lt;br /&gt;
== Ideas ==&lt;br /&gt;
&lt;br /&gt;
Format: '''Idea''' -- ''link to your brain dump''&lt;br /&gt;
&lt;br /&gt;
* '''Small file optimization''' -- [[Swift/ideas/small files]]&lt;br /&gt;
* '''Reduce memcache lookups''' -- [[Swift/ideas/memoize lookups]]&lt;br /&gt;
* '''Improve internal network security''' -- [[Swift/ideas/network_security]]&lt;br /&gt;
* '''Metrics around rate-limiting''' -- [[Swift/ideas/ratelimiting_metrics]]&lt;br /&gt;
* '''Hierarchical keymaster''' -- [[Swift/ideas/hierarchical_keymaster]]&lt;br /&gt;
* '''sync_method = repconn''' -- https://etherpad.openstack.org/p/hummingbird-replication-upgrade&lt;br /&gt;
* '''Container Sharding''' -- [https://docs.google.com/document/d/1-0wUnaRf2TTA0KQGk301BPR8-5wzuyA1r4tLSEh-cbw/edit?usp=sharing container-sharding.odt] [https://etherpad.openstack.org/p/container-sharding-SAT-2016 Etherpad notes] [https://trello.com/b/8p2iJ9RR/swift-container-sharding trello] [https://docs.google.com/document/d/16rPdDrT-4G6hcen_6no8cr8KbxUqbcvsSkOfxxu0EBE/edit?usp=sharing Initial locking db shard approach idea]&lt;br /&gt;
* '''High-latency media / Tape support for Swift''' -- [[Swift/HighLatencyMedia]]&lt;br /&gt;
* '''The Archival Storage extension to the Swift API''' -- [https://etherpad.openstack.org/p/high-latency-storage-policy]&lt;br /&gt;
* '''Symlinks''' -- https://etherpad.openstack.org/p/swift_symlinks&lt;br /&gt;
* '''Metadata index (Elasticsearch)''' -- [[Swift/ideas/metadata-sync]]&lt;br /&gt;
* '''Keymaster v2''' -- [[Swift/ideas/keymaster_v2]]&lt;br /&gt;
&lt;br /&gt;
----&lt;br /&gt;
&lt;br /&gt;
[[Category:ObjectStorage]]&lt;/div&gt;</summary>
		<author><name>Mbj</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Swift/ideas/keymaster_v2&amp;diff=135161</id>
		<title>Swift/ideas/keymaster v2</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Swift/ideas/keymaster_v2&amp;diff=135161"/>
				<updated>2016-10-19T14:03:51Z</updated>
		
		<summary type="html">&lt;p&gt;Mbj: Swift keymaster v2 proposal for discussion at Barcelona design summit&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Keymaster v2 =&lt;br /&gt;
&lt;br /&gt;
The original keymaster uses a single root encryption secret stored in the proxy server configuration file to generate keys for the accounts, containers and objects, based on the path to the account/container/object.&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Summary of features to be added to the keymaster ==&lt;br /&gt;
&lt;br /&gt;
This design aims to add the following features to the keymaster:&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Support multiple root encryption keys ===&lt;br /&gt;
&lt;br /&gt;
Supporting multiple root encryption keys includes:&lt;br /&gt;
&lt;br /&gt;
* Ability to switch to a new root encryption key for encrypting new objects&lt;br /&gt;
* Do not implement re-keying/re-wrapping of existing data, but&lt;br /&gt;
* Design and implement changes in a way that would allow for re-keying later&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Support root encryption keys stored in an external key management server ===&lt;br /&gt;
&lt;br /&gt;
* In practice, a Barbican server accessed using the Castellan library&lt;br /&gt;
* Implementation and tests structured such that someone who does not want Barbican, does not need to install dependencies (e.g., oslo)&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Support multiple instances of key servers ===&lt;br /&gt;
&lt;br /&gt;
* Multiple locations for locally stored root secrets&lt;br /&gt;
* Multiple external Barbican servers&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== System Model ==&lt;br /&gt;
&lt;br /&gt;
[[File:Swift Encryption KeyMaster v2-system model.png|none|left|System model]]&lt;br /&gt;
&lt;br /&gt;
The assumptions regarding the swift storage system are as follows:&lt;br /&gt;
&lt;br /&gt;
* Current Swift administrator is trusted&lt;br /&gt;
* Encryption key storage is trusted and securely erasable, e.g., a key management server backed by an HSM, or removable storage plugged into proxy server&lt;br /&gt;
* Servers (proxy, account, container, object) are trusted, including the processes running in the servers, memory&lt;br /&gt;
* All storage is untrusted&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Attack scenarios ===&lt;br /&gt;
&lt;br /&gt;
The following attack scenarios are considered and protected against:&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Gaining access to decommissioned disks from proxy, account, container, object servers:&lt;br /&gt;
* Encryption keys stored wrapped in the metadata, data not accessible&lt;br /&gt;
* Brute-forcing the encryption keys takes a long time&lt;br /&gt;
* Key rotation can reduce exposure in case a key is brute-forced&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Attacker is a former Swift admin with key server credentials, attempts to access keys by connecting to the key management server:&lt;br /&gt;
* Credential rotation when personnel changes limits access to keys&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The following threats are not protected against:&lt;br /&gt;
* Malicious Swift admin&lt;br /&gt;
* Attacker gaining administrator access to Swift servers, in addition to the storage&lt;br /&gt;
&lt;br /&gt;
== Motivation ==&lt;br /&gt;
&lt;br /&gt;
The current inability to rotate keys is a limitation&lt;br /&gt;
* PCI DSS requirements state that keys should be rotated every time someone with knowledge of the keys leaves or changes position&lt;br /&gt;
* NIST SP 800-57 says symmetric key encryption keys can have crypto periods up to two years, or as short as a day or a week, depending on the number of keys that are encrypted&lt;br /&gt;
* Also rotate credentials for accessing keys&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
For secure, cryptographic deletion, the key(s) to be rotated should be the ones stored on securely erasable media:&lt;br /&gt;
* Removable local media&lt;br /&gt;
* External key management server (Barbican)&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Re-wrapping of old keys could be deferred, since re-wrapping is technically challenging:&lt;br /&gt;
* As long as we only use a key to encrypt/wrap for a limited amount of time, we can still decrypt for a while before the key needs to be rewrapped&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Storing root secret in local storage on proxy server is not great:&lt;br /&gt;
* Pointer to separate config file from proxy-server.conf allows for storing root secret on external media&lt;br /&gt;
* Separating key material from rest of config info might make sense, but leads to yet another indirection&lt;br /&gt;
&amp;lt;br /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Client-managed / bring your own keys:&lt;br /&gt;
* Keys on different local media, different external key management servers&lt;br /&gt;
* Local media for regular users, HSM-backed Barbican for premium users&lt;br /&gt;
* Client-managed Barbican server per account&lt;br /&gt;
&lt;br /&gt;
== Details on new features ==&lt;br /&gt;
&lt;br /&gt;
=== Support multiple root encryption keys ===&lt;br /&gt;
&lt;br /&gt;
To support multiple root encryption keys, the following is needed:&lt;br /&gt;
* Multiple root encryption keys, e.g., in external key management server; in local configuration file, or; a combination of the two&lt;br /&gt;
* Pointer to the current root encryption key to be used to encryption new data&lt;br /&gt;
* Pointer to a default root encryption key to be used to decrypt data that does not indicate which key should be used; this is needed for backwards compatibility with current implementation&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The following changes would be made in how the keymaster is configured in keymaster.conf:&lt;br /&gt;
&amp;lt;pre&amp;gt;[keymaster]&lt;br /&gt;
current_root_secret=key3&lt;br /&gt;
default_root_secret=key1&lt;br /&gt;
&lt;br /&gt;
root_secrets=key1,key2,key3&lt;br /&gt;
&lt;br /&gt;
[key1]&lt;br /&gt;
key_material=d2qkoer+g4S+s2tbt1ZKJl9EfMUyMfT9BNdIXU2HI2s=&lt;br /&gt;
&lt;br /&gt;
[key2]&lt;br /&gt;
key_material=3uVi489y9sL2GHHzqNgzJk2f0BnIFIC0SQFuvkdElBY=&lt;br /&gt;
&lt;br /&gt;
[key3]&lt;br /&gt;
key_material=IIQf3dasef1tiqqXUIOYBP/1HKqPiP6V67JKyr8JYqo=&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The metadata would look like this:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: root_secret_id&amp;quot;}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Where:&lt;br /&gt;
* ''root_secret_id'' is the ID of one of the keys configured in keymaster.conf, e.g., “key3”&lt;br /&gt;
&lt;br /&gt;
=== Support root encryption keys stored on external key management system ===&lt;br /&gt;
&lt;br /&gt;
The configuration of external key management system needs the following parameters:&lt;br /&gt;
* Username, password, other credentials&lt;br /&gt;
* Barbican server host, port&lt;br /&gt;
* Keystone server host, port&lt;br /&gt;
* etc&lt;br /&gt;
&lt;br /&gt;
The above could be configured in keymaster.conf as follows:&lt;br /&gt;
&amp;lt;pre&amp;gt;[keymaster]&lt;br /&gt;
external_key_server=barbicanserver1&lt;br /&gt;
current_root_secret=barbican_key3&lt;br /&gt;
default_root_secret=barbican_key1&lt;br /&gt;
&lt;br /&gt;
root_secrets=barbican_key1,barbican_key2,barbican_key3&lt;br /&gt;
&lt;br /&gt;
[barbicanserver1]&lt;br /&gt;
server_type = barbican&lt;br /&gt;
barbican_username = swift&lt;br /&gt;
barbican_password = swift&lt;br /&gt;
barbican_project_name = service&lt;br /&gt;
barbican_auth_url = http://192.168.50.11:5000/v3&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The configurations would be referenced in metadata as follows:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: root_secret_id}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Where:&lt;br /&gt;
* ''root_secret_id'' is the ID of one of the keys configured in keymaster.conf, e.g., “key3”&lt;br /&gt;
&lt;br /&gt;
The metadata-changes are the same as before, but keymaster needs to know that ''root_secret_id'' is in Barbican, and not in local storage&lt;br /&gt;
&lt;br /&gt;
=== Support multiple instances of key servers ===&lt;br /&gt;
&lt;br /&gt;
Needed:&lt;br /&gt;
* Separation of configuration for servers and keys&lt;br /&gt;
* Configuration and metadata needs to point to &amp;lt;server,key&amp;gt; tuple&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The changes to how keys are referenced in keymaster.conf:&lt;br /&gt;
&amp;lt;pre&amp;gt;[keymaster]&lt;br /&gt;
key_servers=barbicanserver1,localfile1&lt;br /&gt;
current_root_secret=barbicanserver1:key3&lt;br /&gt;
default_root_secret=localfile1:key1&lt;br /&gt;
&lt;br /&gt;
[localfile1]&lt;br /&gt;
server_type = localfile&lt;br /&gt;
key_file = /mnt/usb1/swift_keys1.conf&lt;br /&gt;
&lt;br /&gt;
[barbicanserver1]&lt;br /&gt;
server_type = barbican&lt;br /&gt;
barbican_username = swift&lt;br /&gt;
barbican_password = swift&lt;br /&gt;
barbican_project_name = service&lt;br /&gt;
barbican_auth_url = http://192.168.50.11:5000/v3&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The local keys would be specified as follows in e.g., /mnt/usb1/swift_keys.conf:&lt;br /&gt;
&amp;lt;pre&amp;gt;[key1]&lt;br /&gt;
key_material=d2qkoer+g4S+s2tbt1ZKJl9EfMUyMfT9BNdIXU2HI2s=&lt;br /&gt;
&lt;br /&gt;
[key2]&lt;br /&gt;
key_material=3uVi489y9sL2GHHzqNgzJk2f0BnIFIC0SQFuvkdElBY=&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
The metadata changes would look like this:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: server_id:root_secret_id}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Where:&lt;br /&gt;
* ''root_secret_id'' is the ID of one of the keys configured in keymaster.conf, e.g., “key3”&lt;br /&gt;
* ''server_id'' is one of the servers defined in keymaster.conf, e.g., “barbicanserver1”&lt;br /&gt;
&lt;br /&gt;
== Future Work ==&lt;br /&gt;
&lt;br /&gt;
Rotate existing keys:&lt;br /&gt;
&amp;lt;pre&amp;gt;X-Object-Sysmeta-Crypto-Body-Meta:&lt;br /&gt;
    {&amp;quot;iv&amp;quot;: body_iv,&lt;br /&gt;
     &amp;quot;cipher&amp;quot;: &amp;quot;AES_CTR_256&amp;quot;,&lt;br /&gt;
     &amp;quot;body_key&amp;quot;: {&amp;quot;key&amp;quot;: wrapped_body_key,&lt;br /&gt;
                  &amp;quot;iv&amp;quot;: body_key_iv},&lt;br /&gt;
     &amp;quot;root_secret_id&amp;quot;: server_id:root_secret_id}&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
* Point to new ''server_id:root_secret_id''&lt;br /&gt;
* Replace ''wrapped_body_key'' with the existing body_key, wrapped with the new root key&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Challenges include eventual consistency, when old key can be deleted&lt;br /&gt;
&lt;br /&gt;
Contact: mathiasb on IRC.&lt;/div&gt;</summary>
		<author><name>Mbj</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=File:Swift_Encryption_KeyMaster_v2-system_model.png&amp;diff=135159</id>
		<title>File:Swift Encryption KeyMaster v2-system model.png</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=File:Swift_Encryption_KeyMaster_v2-system_model.png&amp;diff=135159"/>
				<updated>2016-10-19T13:54:37Z</updated>
		
		<summary type="html">&lt;p&gt;Mbj: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Swift keymaster v2 system model&lt;/div&gt;</summary>
		<author><name>Mbj</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Swift/ideas&amp;diff=127656</id>
		<title>Swift/ideas</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Swift/ideas&amp;diff=127656"/>
				<updated>2016-07-05T14:02:24Z</updated>
		
		<summary type="html">&lt;p&gt;Mbj: Adding link to hierarchical keymaster page&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Ideas for OpenStack Swift =&lt;br /&gt;
&lt;br /&gt;
This page is a collection of &amp;quot;brain dumps&amp;quot; for ideas about features in OpenStack Swift. If you're working on something, it's a very good idea to write down what you're thinking about. This lets others get up to speed, helps you collaborate, and serves as a great record for future reference. Write down your thoughts somewhere and put a link to it here. It doesn't matter what form your thoughts are in; use whatever is best for you. Your document should include why your idea is needed and your thoughts on particular design choices and tradeoffs. Please include some contact information (ideally, your IRC nick) so that people can collaborate with you.&lt;br /&gt;
&lt;br /&gt;
''Historic &amp;quot;specs&amp;quot; are available at https://specs.openstack.org/openstack/swift-specs/''&lt;br /&gt;
&lt;br /&gt;
== Ideas ==&lt;br /&gt;
&lt;br /&gt;
Format: '''Idea''' -- ''link to your brain dump''&lt;br /&gt;
&lt;br /&gt;
* '''Small file optimization''' -- [[Swift/ideas/small files]]&lt;br /&gt;
* '''Reduce memcache lookups''' -- [[Swift/ideas/memoize lookups]]&lt;br /&gt;
* '''Improve internal network security''' -- [[Swift/ideas/network_security]]&lt;br /&gt;
* '''Metrics around rate-limiting''' -- [[Swift/ideas/ratelimiting_metrics]]&lt;br /&gt;
* '''Hierarchical keymaster''' -- [[Swift/ideas/hierarchical_keymaster]]&lt;br /&gt;
&lt;br /&gt;
----&lt;br /&gt;
&lt;br /&gt;
[[Category:ObjectStorage]]&lt;/div&gt;</summary>
		<author><name>Mbj</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Swift/ideas/hierarchical_keymaster&amp;diff=127655</id>
		<title>Swift/ideas/hierarchical keymaster</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Swift/ideas/hierarchical_keymaster&amp;diff=127655"/>
				<updated>2016-07-05T14:01:05Z</updated>
		
		<summary type="html">&lt;p&gt;Mbj: Initial version of hierarchical keymaster for swift&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Hierarchical Keymaster =&lt;br /&gt;
&lt;br /&gt;
The encryption functionality recently merged into the swift master branch has the following features:&lt;br /&gt;
&lt;br /&gt;
* Keymaster providing the keys, encrypter and decrypter functionality in the encryption filter in the wsgi pipeline&lt;br /&gt;
* Static root secret in the proxy-server.conf file&lt;br /&gt;
* Encryption keys for containers and objects derived using the root secret and the path of the container and object&lt;br /&gt;
* Randomly generated body key used to encrypt the actual object data, and body key wrapped with object key provided by keymaster&lt;br /&gt;
* Container and object keys provided by the keymaster for encrypting metadata&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
As an extension to this encryption functionality, hereafter known as the base functionality, this proposal contains a high-level design of a hierarchical&lt;br /&gt;
keymaster that provides functionality such as:&lt;br /&gt;
&lt;br /&gt;
* Root secret stored in an external key management system such as Barbican&lt;br /&gt;
* Randomly generated data encryption keys (DEKs) for accounts, containers, objects (commonly referred to as entities), which are provided by the hierarchical keymaster to the encrypter and decrypter functionality provided by the base. The DEKs are generated once at creation time of the entities, and are never changed.&lt;br /&gt;
* Randomly generated key encryption keys (KEKs) that are used to wrap the DEKs, and which are stored in the metadata of the entity that they protect.&lt;br /&gt;
* Each KEK is wrapped by the KEK in the next-highest level in the hierarchy (e.g., an object KEK is wrapped by the KEK of its container), with the account KEK being wrapped with the root secret.&lt;br /&gt;
* Key rotation can be performed on the KEKs as a way of providing cryptographic, secure deletion of user data.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The hierarchical keymaster is designed to be a drop-in replacement for the base keymaster when configuring an encryption environment - in particular, the base encryption and decryption functionality, along with which data is and is not to be encrypted, will not change.&lt;br /&gt;
&lt;br /&gt;
The work on the functionality described above can be separated into three parts:&lt;br /&gt;
&lt;br /&gt;
# Support for storing a root secret key in Barbican, while still deriving the other keys (container, object) based on the path, as in the base implementation.&lt;br /&gt;
# Root secret in Barbican, and randomly generated KEKs and DEKs stored in the entity metadata.&lt;br /&gt;
# Support for rotating the root secret and KEKs (secure deletion)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Some of the main challenges that have been identified in earlier discussions are:&lt;br /&gt;
&lt;br /&gt;
* Using client-controlled keys, e.g., in Barbican, while preserving the API. This impacts e.g., container-sync and other background processes, which will not have the necessary client credentials required to access the key(s).&lt;br /&gt;
* Using random keys, since for some scenarios, it is then necessary to retrieve metadata from the object server (using &amp;amp;quot;HEAD&amp;amp;quot;), which incurs a performance penalty. In particular, this impacts update operations (&amp;amp;quot;POSTs&amp;amp;quot;) and conditional GETs.&lt;br /&gt;
* Eventual consistency brings challenges to the key rotation, since it is difficult, or even impossible, to conclude that an object is no longer encrypted with an old key.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Root secret in Barbican ==&lt;br /&gt;
&lt;br /&gt;
The first step in moving towards a hierarchical keymaster with support for key rotation, is providing a mechanism for storing the root secret somewhere else than in the proxy-server.conf configuration file. The base keymaster is replaced with a new secdel_keymaster in the WSGI pipeline, and the system also needs to be configured with a Barbican URL, e.g.:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;... secdel_keymaster encryption proxy-logging proxy-server&lt;br /&gt;
&lt;br /&gt;
[filter:secdel_keymaster]&lt;br /&gt;
use = egg:swift#secdel_keymaster&lt;br /&gt;
barbican_url = http://192.168.50.11:9311/v1&amp;lt;/pre&amp;gt;&lt;br /&gt;
Internally, the secdel_keymaster retrieves a root secret key from Barbican, or if one does not exist, one is created and stored in Barbican. The lookup is done using a name generated from, among others, the project ID.&lt;br /&gt;
&lt;br /&gt;
Alternatively, the account key could (also) be stored in Barbican, which may facilitate future moves to BYOK.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Considerations ===&lt;br /&gt;
&lt;br /&gt;
For a BYOK deployment, the Barbican key could be one provided by the user(s), in which case it could still be a root secret (in case there is one user per cluster), or an account secret (for a one user per account scenario). With BYOK, additional questions regarding the configuration, addition of new API calls and/or modification of existing ones etc. need to be answered.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Randomly generated keys ==&lt;br /&gt;
&lt;br /&gt;
The next step is using randomly generated keys, both for the DEKs provided by the secdel_keymaster to the encrypter and decrypter, as well as for the KEKs that are used to wrap the DEKs and the lower-level KEKs. The pair KEK-DEK is termed an entity key, and an entity key also contains the parent KEK ID, i.e., the ID of the key used to wrap the KEK of the entity key. The ID of the entity keys are uunique identifiers in the UUID1 format. In particular, the ID needs to have the following properties:&lt;br /&gt;
&lt;br /&gt;
* Be unique, so that e.g., multiple proxy nodes do not need to coordinate for creating the IDs, which would be the case for IDs based on incrementing counters.&lt;br /&gt;
* Contain a timestamp, so that it can be determined which is the most recent key.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The keys are stored in the metadata of the entity in the following secdel-metadata format:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;X-&amp;amp;lt;Entity&amp;amp;gt;-[Transient-]-Sysmeta-Secdelkeywrapinfo:&lt;br /&gt;
  { uuid1 :&lt;br /&gt;
    { &amp;amp;quot;kek_wrapping_key_id&amp;amp;quot; : wrapping_key_uuid1,&lt;br /&gt;
      &amp;amp;quot;kek_payload&amp;amp;quot; : wrapped_kek_material1,&lt;br /&gt;
      &amp;amp;quot;dek_payload&amp;amp;quot; : wrapped_dek_material1&lt;br /&gt;
    },&lt;br /&gt;
    uuid2 :&lt;br /&gt;
    { &amp;amp;quot;kek_wrapping_key_id&amp;amp;quot; : wrapping_key_uuid2,&lt;br /&gt;
      &amp;amp;quot;kek_payload&amp;amp;quot; : wrapped_kek_material2,&lt;br /&gt;
      &amp;amp;quot;dek_payload&amp;amp;quot; : wrapped_dek_material2&lt;br /&gt;
    }&lt;br /&gt;
  }&amp;lt;/pre&amp;gt;&lt;br /&gt;
Where uuidN is the unique identifier of the Nth entity key. In addition to using IDs to identify which wrapping keys are used for wrapping and unwrapping, the wrapping algorithm itself also should contain integrity checking so that attempts to unwrap a key with the wrong wrapping key are caught already at the time of unwrapping, and the error is not propagated to the end user in the form of corrupted user data. This can be achieved e.g., by using AES key wrap (see RFC3394).&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Key Generation for Encryption ===&lt;br /&gt;
&lt;br /&gt;
When creating a new entity, an entity key is generated. The KEK of the entity key is chosen to be KEK of the most recent entity key of the next-higher level.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Key Retrieval for Decryption ===&lt;br /&gt;
&lt;br /&gt;
When retrieving an entity, the secdel-metadata is retrieved and the kek wrapping key ID is read to determine the ID of the KEK used to wrap the entity KEK. This is done for all higher-level entities, all the way up to the unwrapped root secret. Once all the necessary entity keys have been gathered, the unwrapping is performed from the root secret all the way down to the entity being retrieved.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Considerations ===&lt;br /&gt;
&lt;br /&gt;
The secdel-metadata from the response headers are needed by the secdel-keymaster to be able to determine the wrapping keys and to retrieve the key material necessary for unwrapping the entity DEKs for providing to the decrypter. The secdel-metadata is provided through the callback function to the keymaster, which is called by the decrypter to retrieve the keys.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Key rotation ==&lt;br /&gt;
&lt;br /&gt;
Key rotation of the root secret and entity KEKs is to be used to be able to securely delete user data. To rotate the root secret and all KEKs, effectively securely deleting all user data whose keys are not rotated, the following actions are performed:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;Create a new root secret&lt;br /&gt;
For each account:&lt;br /&gt;
  Unwrap the DEK from the latest entity key&lt;br /&gt;
  Create a new account KEK, use it to wrap the DEK&lt;br /&gt;
  Wrap the new account KEK with the new root secret&lt;br /&gt;
  Store the new account entity key along the existing ones in secdel-metadata&lt;br /&gt;
  Repeat for each container, and each object in containers&amp;lt;/pre&amp;gt;&lt;br /&gt;
During the key rotation process, entities are accessible using either new or old keys. Once the key rotation process is complete, the old keys can be deleted from the secdel-metadata and Barbican.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== Considerations ===&lt;br /&gt;
&lt;br /&gt;
The following points need to be addressed for the key rotation:&lt;br /&gt;
&lt;br /&gt;
* How to efficiently update secdel-metadata in all entities?&lt;br /&gt;
* How to know when the key rotation process (creation of new keys, deletion of old keys) has completed?&lt;br /&gt;
* How to trigger the (starting, finalization) key rotation (background) process?&lt;br /&gt;
* How is the access control/account information provided to the (background) process that rotates the keys?&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Contact: mathiasb, kmARC, jrichli on IRC&lt;/div&gt;</summary>
		<author><name>Mbj</name></author>	</entry>

	</feed>