Functional Description

The Hydra service is a key fragment storage system. The Hydra clients provide methods to generate encryption keys, split them into pieces, and store the pieces on Hydra services. The key is split so that it cannot be recovered from one piece alone, i.e. if one of the Hydra servers is compromised, an attacker cannot recover the full key. The keys are split using a fault-tolerant algorithm: the encryption key can be reconstructed if at least some predefined number of the pieces can be found (normally more than one but fewer than all). Thus even if one Hydra service is unavailable, the key can be reconstructed from the remaining pieces.
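
The page does not name the splitting algorithm, so the following is an added illustration rather than Hydra's own code: Shamir's threshold secret sharing over a prime field, which has exactly the property described above. Any 2 of 3 fragments rebuild the key, while a single fragment on its own does not; the key, threshold and fragment count are constructed values.

```python
import secrets

# Field for the polynomial arithmetic: 2^521 - 1 is a Mersenne prime, large
# enough to hold a 256-bit key as one field element.
PRIME = 2**521 - 1

def split_key(key: bytes, threshold: int, n_shares: int):
    """Split `key` into n_shares points (x, y) on a random polynomial of
    degree threshold-1 whose constant term is the key. Any `threshold` points
    reconstruct the key; fewer reveal nothing about it."""
    secret = int.from_bytes(key, "big")
    if not 1 <= threshold <= n_shares or secret >= PRIME:
        raise ValueError("bad threshold/share count or key too large")
    # Random coefficients a1..a(k-1); a0 is the key itself.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation at x
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_secret(shares):
    """Lagrange interpolation at x = 0 yields the constant term (the key)
    when at least `threshold` distinct shares are supplied."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def recover_key(shares, key_len: int) -> bytes:
    """Recover the key bytes; fails if too few shares were supplied to
    interpolate a value that fits the expected key length."""
    secret = recover_secret(shares)
    if secret >= 256 ** key_len:
        raise ValueError("shares do not reconstruct a key of this length")
    return secret.to_bytes(key_len, "big")

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed 256-bit key
    fragments = split_key(key, threshold=2, n_shares=3)
    # Fragment 1 alone is useless; fragments 1 and 3 rebuild the key.
    print(recover_key(fragments[::2], 32) == key)
```

Losing any one of the three Hydra services leaves two fragments, which is still enough to reconstruct the key; a compromised single service yields one fragment, from which every candidate key is equally likely.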

When used in conjunction with Grid storage elements the Hydra clients may encrypt and store files on normal storage elements. The storage elements are NOT a part of the Hydra service - any storage element supported by the GFAL library can be used.

Hydra Server

The Hydra server consists of a MySQL database and a Tomcat server which runs the actual Hydra software (Java). The Hydra server stores only the key fragments and related ACL information in the MySQL database. It does NOT store any files.

Hydra Clients

The Hydra clients are a series of command-line based executables that allow various key and file encryption operations.

glite-eds-chmod changes the ACLs on a key.

glite-eds-get gets a file from a storage element.

glite-eds-key-unregister unregisters a key from Hydra service(s).

glite-eds-setacl sets the ACL on a key.

glite-eds-decrypt decrypts a file using a reconstructed key.

glite-eds-getacl shows the ACL of a key.

glite-eds-put puts a file, encrypted or not, into a storage element.

glite-eds-encrypt encrypts a file using a reconstructed key.

glite-eds-key-register registers a key with Hydra services, sending the key fragments to the services.

glite-eds-rm removes a file from a storage element.

-- JohnWhite - 25-Oct-2012

Topic revision: r2 - 2012-10-26 - JohnWhite