Open z-kovacs opened 1 year ago
@z-kovacs You have indicated that you are willing to submit a PR for this issue. Do you have an existing code fix for this issue that you want to submit for review?
@z-kovacs You have indicated that you are willing to submit a PR for this issue. Do you have an existing code fix for this issue that you want to submit for review?
@david-streamlio - I am working on the PR, hopefully I can present it soon.
The issue had no activity for 30 days, mark with Stale label.
Search before asking
Motivation
my firm would like to use Pulsar but using Bouncycastle FIPS approved libs in approved mode for E2E encryption.
Currently the
MessageCryptoBc
is the onlyMessageCrypto
implementation (non FIPS), and it is explicitly referenced fromProducerImpl
andConsumerImpl
- unless overridden.I think it would be greate if someone adds an encryption key and a CryptoKeyReader, based on the loaded modules pulsar would use the fips or non-fips implementation. As related job has been done in pulsar to separate out different version (non-fips or fips) of BouncyCastle dependencies, we could expand on it.
Solution
An idea about the tasks:
org.apache.pulsar:pulsar-client-messagecrypto-bcfips
module (pulsar-client-messagecrypto-bc
already exists).Alternatives
n/a
Anything else?
Notes:
Are you willing to submit a PR?