OpenSearch

History

jaymode 6dbad15e56 always sign messages when message signing is enabled This change allows for messages to be signed when message signing is enabled and a system key is not present. This is accomplished by generating a random key on startup and then using HKDF with HmacSHA1 to generate the keying material to be used to sign the messages. The random key from the originating node is added to the signed message so that the signing key can be derived on the receiving node. When a system key is present, the system key is used for signing and the preexisting behavior is maintained. Closes elastic/elasticsearch#711 Original commit: elastic/x-pack-elasticsearch@c41fdc0ac3	2015-10-14 06:44:22 -04:00
..
private	initial migration of shield	2015-07-13 12:31:34 +02:00
public	always sign messages when message signing is enabled	2015-10-14 06:44:22 -04:00

jaymode 6dbad15e56 always sign messages when message signing is enabled

This change allows for messages to be signed when message signing is enabled and a system
key is not present. This is accomplished by generating a random key on startup and then using
HKDF with HmacSHA1 to generate the keying material to be used to sign the messages. The random
key from the originating node is added to the signed message so that the signing key can be
derived on the receiving node.

When a system key is present, the system key is used for signing and the preexisting behavior
is maintained.

Closes elastic/elasticsearch#711

Original commit: elastic/x-pack-elasticsearch@c41fdc0ac3

2015-10-14 06:44:22 -04:00

private

initial migration of shield

2015-07-13 12:31:34 +02:00

public

always sign messages when message signing is enabled

2015-10-14 06:44:22 -04:00