Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/03/18 19:58:00 UTC
[jira] [Resolved] (NIFI-7905) MergeContent should support password-protected Zip archives
[ https://issues.apache.org/jira/browse/NIFI-7905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-7905.
------------------------------------
Resolution: Won't Fix
The encryption options supported in Zip4J do not meet current best practices for AES encryption using AEAD. Users interested in creating encrypted archives should evaluate other options.
> MergeContent should support password-protected Zip archives
> -----------------------------------------------------------
>
> Key: NIFI-7905
> URL: https://issues.apache.org/jira/browse/NIFI-7905
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: encryption, security, zip
>
> MergeContent should be improved to support creation of password-protected Zip files. NIFI-7777 introduced support of decrypting password-protected Zip files using [Zip4j|http://www.lingala.net/zip4j.html] and the same library can be leveraged to support password-based encryption using either ZipCrypto Standard encryption or AES encryption.
> Following the [Zip File Format Specification|https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT] Appendix E, Zip4J supports AES-CTR with key lengths of either 128 or 256, and uses HMAC-SHA1 for PBKDF2. [WinZip|http://www.winzip.com/aes_info.htm] describes the implementation in more detail under the heading of AE-1 and AE-2 specifications. The Zip4j implementation also appears to limit passwords to ISO-8859-1 characters, which should be checked during property validation.
> ZipCrypto has [known security flaws|https://en.wikipedia.org/wiki/Zip_(file_format)#Encryption], which should be at least mentioned in the property description.
> The implementation should introduce new optional properties for Encryption Password and Encryption Method, listing ZipCrypto, AES-128-CTR and AES-256-CTR as options. The implementation should also write Flow File attributes indicating the cryptographic algorithm used.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
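The scheme described in the issue pairs AES-CTR with a separate HMAC-SHA1 instead of using an AEAD mode. The following is an added example, not code from NiFi or Zip4j, sketching the key derivation and the ISO-8859-1 password check mentioned above. The iteration count, salt lengths, 2-byte verifier and 10-byte authentication code come from the WinZip AES documentation linked in the issue; the function names are hypothetical, and encoding the password as ISO-8859-1 before derivation is an assumption based on the issue's remark about Zip4j.

```python
import hashlib
import hmac

# Values from the WinZip AE-1/AE-2 documentation: key bits -> salt length in bytes.
SALT_BYTES = {128: 8, 256: 16}
PBKDF2_ITERATIONS = 1000  # fixed by the WinZip AES format
VERIFIER_BYTES = 2        # password verification value stored with the entry
AUTH_CODE_BYTES = 10      # HMAC-SHA1 truncated to 80 bits


def is_valid_password(password: str) -> bool:
    """Property-validation check: non-empty and encodable as ISO-8859-1."""
    if not password:
        return False
    try:
        password.encode("iso-8859-1")
    except UnicodeEncodeError:
        return False
    return True


def derive_keys(password: str, salt: bytes, key_bits: int):
    """Return (aes_key, hmac_key, verifier) from PBKDF2-HMAC-SHA1."""
    if key_bits not in SALT_BYTES:
        raise ValueError("key_bits must be 128 or 256")
    if len(salt) != SALT_BYTES[key_bits]:
        raise ValueError("salt length does not match key size")
    if not is_valid_password(password):
        raise ValueError("password must be non-empty ISO-8859-1")
    key_len = key_bits // 8
    # Assumption: the password bytes are its ISO-8859-1 encoding.
    material = hashlib.pbkdf2_hmac(
        "sha1", password.encode("iso-8859-1"), salt,
        PBKDF2_ITERATIONS, 2 * key_len + VERIFIER_BYTES)
    return material[:key_len], material[key_len:2 * key_len], material[2 * key_len:]


def auth_code(hmac_key: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA1 over the ciphertext, truncated to 10 bytes (encrypt-then-MAC)."""
    return hmac.new(hmac_key, ciphertext, hashlib.sha1).digest()[:AUTH_CODE_BYTES]


if __name__ == "__main__":
    salt = bytes(range(16))  # constructed sample salt; real salts are random
    aes_key, hmac_key, verifier = derive_keys("p\u00e4ssword", salt, 256)
    print(len(aes_key), len(hmac_key), verifier.hex())
    print(auth_code(hmac_key, b"constructed ciphertext").hex())
```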