Support Questions
Find answers, ask questions, and share your expertise

how to import hadoop keys to Ranger KMS?

how to import hadoop keys to Ranger KMS?

Explorer

Hi,

I am trying to migrate the Hadoop KMS keys to Ranger KMS using the importJCEKSKeys.sh provided under Ranger KMS using the command --> ./importJCEKSKeys.sh /user/kms.keystore jceks

However, when I issue the command, I am getting the following error -->

ERROR RangerKeyStore - Unable to load keystore file java.io.IOException: Keystore was tampered with, or password was incorrect

at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:865)

at java.security.KeyStore.load(KeyStore.java:1445)

at org.apache.hadoop.crypto.key.RangerKeyStore.engineLoadKeyStoreFile(RangerKeyStore.java:498)

at org.apache.hadoop.crypto.key.JKS2RangerUtil.doImportKeysFromJKS(JKS2RangerUtil.java:94)

at org.apache.hadoop.crypto.key.JKS2RangerUtil.main(JKS2RangerUtil.java:70)

Exception in thread "main" java.lang.RuntimeException: Unable to import keys from [/user/kms.keystore] due to exception.

at org.apache.hadoop.crypto.key.JKS2RangerUtil.doImportKeysFromJKS(JKS2RangerUtil.java:108)

at org.apache.hadoop.crypto.key.JKS2RangerUtil.main(JKS2RangerUtil.java:70)

Caused by: java.io.IOException: java.io.IOException: Keystore was tampered with, or password was incorrect

at

org.apache.hadoop.crypto.key.RangerKeyStore.engineLoadKeyStoreFile(RangerKeyStore.java:546)

at org.apache.hadoop.crypto.key.JKS2RangerUtil.doImportKeysFromJKS(JKS2RangerUtil.java:94)

... 1 more

But I am able to list the keys successfully with out any issues, using the keytool.

2 REPLIES 2

Re: how to import hadoop keys to Ranger KMS?

@Madhavi Amirneni

What version of Java do you have installed? This might be a problem with Jave 8 changing supported encryption techniques. This became an issue past 1.8.0_71, I believe.

Re: how to import hadoop keys to Ranger KMS?

Explorer

@emaxwell,

I am using -- openjdk version "1.8.0_45". So for things to work, which java version should we using or switching to?

Would it work if I just switch it use during the key migration and then switch it back?

Is there any other way to solve this issue?