RANGER-5435: Change the default KMS ZoneKey length from 128 to 256 (#902)

vikaskr22 · web-flow · commit 70138c40cd66 · 2026-04-01T15:53:35.000+05:30
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java
@@ -80,6 +80,7 @@ public class KMS {
     private static final String KEY_NAME_VALIDATION     = "[a-z,A-Z,0-9](?!.*--)(?!.*__)(?!.*-_)(?!.*_-)[\\w\\-\\_]*";
     private static final int    MAX_NUM_PER_BATCH       = 10000;
     private static final String GENERATE_DEK_PATH_CONST = "_dek";
+    private static final int    DEFAULT_KEY_SIZE        = 256;
 
     private final KeyProviderCryptoExtension provider;
     private final KMSAudit                   kmsAudit;
@@ -113,7 +114,7 @@ public Response createKey(Map jsonKey, @Context HttpServletRequest request) thro
 
             final String cipher      = (String) jsonKey.get(KMSRESTConstants.CIPHER_FIELD);
             final String material    = (String) jsonKey.get(KMSRESTConstants.MATERIAL_FIELD);
-            final int    length      = (jsonKey.containsKey(KMSRESTConstants.LENGTH_FIELD)) ? (Integer) jsonKey.get(KMSRESTConstants.LENGTH_FIELD) : 0;
+            final int    length      = (jsonKey.containsKey(KMSRESTConstants.LENGTH_FIELD)) ? (Integer) jsonKey.get(KMSRESTConstants.LENGTH_FIELD) : DEFAULT_KEY_SIZE;
             final String description = (String) jsonKey.get(KMSRESTConstants.DESCRIPTION_FIELD);
 
             LOG.debug("Creating key: name={}, cipher={}, keyLength={}, description={}", name, cipher, length, description);
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java b/security-admin/src/main/java/org/apache/ranger/view/VXKmsKey.java
@@ -48,7 +48,7 @@ public class VXKmsKey extends VXDataObject implements java.io.Serializable {
     /**
      * Length
      */
-    protected int    length;
+    protected int    length = 256;
     /**
      * Description
      */
diff --git a/security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyCreate.jsx b/security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyCreate.jsx
@@ -242,7 +242,7 @@ function KeyCreate(props) {
         initialValues={{
           attributes: [{ name: "", value: "" }],
           cipher: "AES/CTR/NoPadding",
-          length: "128"
+          length: "256"
         }}
         render={({
           handleSubmit,
