Nifi 1.16.1 migration failed for encrypted of sensitive values

[sanjeet rath <ra...@gmail.com>]

Hi ,

I am facing one issue in migration from 1.12 to 1.16.1 .
I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
authorisation user file my previous 1.12 version of cluster to this new
cluster.

When I am starting the cluster with all the keystone password in authoriser
and loginidentifer and nifi sensitive key value unencrypted in nifi
properties file. Then cluster came without any issue.

When I am encrypting using keytool , all the properties are succefully
encrypted. How ever while starting the cluster getting one error

Error in creating bean with name ‘authoriser’ factory bean threw exception
on object creation nested exception is org.apache.nifi.project.
Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
not supported.

Any hint is really helpful as trying from last 2 days.

Thanks and regards
Sanjeet




-- 
Sanjeet Kumar Rath,
mob- +91 8777577470

Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

[David Handermann <ex...@apache.org>]

Sanjeet,

Thanks for the confirmation, glad to hear the workaround resolved the
problem!

I have created the following Jira issue to correct the protection scheme
resolver:

https://issues.apache.org/jira/browse/NIFI-9988

Regards,
David Handermann

On Wed, May 4, 2022 at 12:40 PM sanjeet rath <ra...@gmail.com> wrote:

> Thanks David, it worked after the suggested manual changes in both the
> files.
>
> Thanks a lot for the help
> Sanjeet
>
> On Wed, 4 May 2022 at 10:24 PM, David Handermann <
> exceptionfactory@apache.org> wrote:
>
>> Hi Sanjeet,
>>
>> Following up on my previous reply, the potential workaround would
>> actually require changing "aes/gcm/256" to "AES_GCM". I am looking into
>> addressing this problem in a Jira issue.
>>
>> Regards,
>> David Handermann
>>
>> On Wed, May 4, 2022 at 11:41 AM David Handermann <
>> exceptionfactory@apache.org> wrote:
>>
>>> Hi Sanjeet,
>>>
>>> Reviewing the implementation related to the error message you provided,
>>> it looks like this could be a bug with decrypting values in authorizers.xml.
>>>
>>> As a workaround, can you try manually editing authorizers.xml and
>>> login-identity-providers.xml, changing "aes/gcm/256" to just "aes/gcm"?
>>>
>>> The protection scheme resolver should match the standard value, but
>>> there may be a problem with the comparison of encryption scheme names.
>>> Changing the "encryption" attribute value to "aes/gcm" may work around the
>>> problem, but it sounds like this may need to be addressed in a Jira issue.
>>>
>>> Regards,
>>> David Handermann
>>>
>>> On Wed, May 4, 2022 at 11:22 AM sanjeet rath <ra...@gmail.com>
>>> wrote:
>>>
>>>> Hi Isha,
>>>>
>>>> We are using same java instalation.
>>>>
>>>> Our java version is open idk 11.
>>>>
>>>> In the same system only we are able to encrypt aes/gcm/256 for our old
>>>> 1.12.1 nifi version.
>>>>
>>>> Thanks,
>>>> Sanjeet
>>>>
>>>>
>>>> On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo <
>>>> isha.lamboo@virtualsciences.nl> wrote:
>>>>
>>>>> Hi Sanjeeth,
>>>>>
>>>>>
>>>>>
>>>>> Are you performing the toolkit encryption using the same java
>>>>> installation that’s running the NiFi server?
>>>>>
>>>>>
>>>>>
>>>>> If not, you may be running into problems because of encryption
>>>>> limitations on the java version on your NiFi server.
>>>>>
>>>>> I think AES256 needs the “Unlimited Strength Encryption” policy and
>>>>> that may not be enabled (or even allowed to be enabled in your country).
>>>>>
>>>>>
>>>>>
>>>>> If you run the toolkit with the same java installation as the server,
>>>>> you can verify this. It should either use aes/gcm/128 or give the same
>>>>> error if it tries to use aes/gcm/256.
>>>>>
>>>>>
>>>>>
>>>>> Another thing to check is whether you’re using Java 8-251 or newer as
>>>>> the migration guidance states.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>>
>>>>> Isha
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Van:* sanjeet rath <ra...@gmail.com>
>>>>> *Verzonden:* woensdag 4 mei 2022 17:09
>>>>> *Aan:* users@nifi.apache.org
>>>>> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of
>>>>> sensitive values
>>>>>
>>>>>
>>>>>
>>>>> Thanks Pierre for the quick response. I have followed the same doc and
>>>>> this is the 3rd version upgrade I am doing for nifi.
>>>>>
>>>>>
>>>>>
>>>>> Actually if u see the last line of the error it looks like aes/gcm/256
>>>>> is not supported.
>>>>>
>>>>>
>>>>>
>>>>> So if you could point something I am doing wrong for this specific
>>>>> 1.16.1 version then it would be really helpful for me.
>>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Sanjeet
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard <
>>>>> pierre.villard.fr@gmail.com> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>>
>>>>> I recommend reading the migration guidance documentation:
>>>>>
>>>>> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance
>>>>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0>
>>>>>
>>>>>
>>>>>
>>>>> HTH,
>>>>>
>>>>> Pierre
>>>>>
>>>>>
>>>>>
>>>>> Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com> a
>>>>> écrit :
>>>>>
>>>>> Hi ,
>>>>>
>>>>>
>>>>>
>>>>> I am facing one issue in migration from 1.12 to 1.16.1 .
>>>>>
>>>>> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
>>>>> authorisation user file my previous 1.12 version of cluster to this new
>>>>> cluster.
>>>>>
>>>>>
>>>>>
>>>>> When I am starting the cluster with all the keystone password in
>>>>> authoriser and loginidentifer and nifi sensitive key value unencrypted in
>>>>> nifi properties file. Then cluster came without any issue.
>>>>>
>>>>>
>>>>>
>>>>> When I am encrypting using keytool , all the properties are succefully
>>>>> encrypted. How ever while starting the cluster getting one error
>>>>>
>>>>>
>>>>>
>>>>> Error in creating bean with name ‘authoriser’ factory bean threw
>>>>> exception on object creation nested exception is org.apache.nifi.project.
>>>>> Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
>>>>> not supported.
>>>>>
>>>>>
>>>>>
>>>>> Any hint is really helpful as trying from last 2 days.
>>>>>
>>>>>
>>>>>
>>>>> Thanks and regards
>>>>>
>>>>> Sanjeet
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Sanjeet Kumar Rath,
>>>>> mob- +91 8777577470
>>>>>
>>>>> --
>>>>>
>>>>> Sanjeet Kumar Rath,
>>>>> mob- +91 8777577470
>>>>>
>>>> --
>>>> Sanjeet Kumar Rath,
>>>> mob- +91 8777577470
>>>>
>>>> --
> Sanjeet Kumar Rath,
> mob- +91 8777577470
>
>

Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

[sanjeet rath <ra...@gmail.com>]

Thanks David, it worked after the suggested manual changes in both the
files.

Thanks a lot for the help
Sanjeet

On Wed, 4 May 2022 at 10:24 PM, David Handermann <
exceptionfactory@apache.org> wrote:

> Hi Sanjeet,
>
> Following up on my previous reply, the potential workaround would actually
> require changing "aes/gcm/256" to "AES_GCM". I am looking into addressing
> this problem in a Jira issue.
>
> Regards,
> David Handermann
>
> On Wed, May 4, 2022 at 11:41 AM David Handermann <
> exceptionfactory@apache.org> wrote:
>
>> Hi Sanjeet,
>>
>> Reviewing the implementation related to the error message you provided,
>> it looks like this could be a bug with decrypting values in authorizers.xml.
>>
>> As a workaround, can you try manually editing authorizers.xml and
>> login-identity-providers.xml, changing "aes/gcm/256" to just "aes/gcm"?
>>
>> The protection scheme resolver should match the standard value, but there
>> may be a problem with the comparison of encryption scheme names.  Changing
>> the "encryption" attribute value to "aes/gcm" may work around the problem,
>> but it sounds like this may need to be addressed in a Jira issue.
>>
>> Regards,
>> David Handermann
>>
>> On Wed, May 4, 2022 at 11:22 AM sanjeet rath <ra...@gmail.com>
>> wrote:
>>
>>> Hi Isha,
>>>
>>> We are using same java instalation.
>>>
>>> Our java version is open idk 11.
>>>
>>> In the same system only we are able to encrypt aes/gcm/256 for our old
>>> 1.12.1 nifi version.
>>>
>>> Thanks,
>>> Sanjeet
>>>
>>>
>>> On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo <
>>> isha.lamboo@virtualsciences.nl> wrote:
>>>
>>>> Hi Sanjeeth,
>>>>
>>>>
>>>>
>>>> Are you performing the toolkit encryption using the same java
>>>> installation that’s running the NiFi server?
>>>>
>>>>
>>>>
>>>> If not, you may be running into problems because of encryption
>>>> limitations on the java version on your NiFi server.
>>>>
>>>> I think AES256 needs the “Unlimited Strength Encryption” policy and
>>>> that may not be enabled (or even allowed to be enabled in your country).
>>>>
>>>>
>>>>
>>>> If you run the toolkit with the same java installation as the server,
>>>> you can verify this. It should either use aes/gcm/128 or give the same
>>>> error if it tries to use aes/gcm/256.
>>>>
>>>>
>>>>
>>>> Another thing to check is whether you’re using Java 8-251 or newer as
>>>> the migration guidance states.
>>>>
>>>>
>>>>
>>>> Regards,
>>>>
>>>>
>>>>
>>>> Isha
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *Van:* sanjeet rath <ra...@gmail.com>
>>>> *Verzonden:* woensdag 4 mei 2022 17:09
>>>> *Aan:* users@nifi.apache.org
>>>> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of
>>>> sensitive values
>>>>
>>>>
>>>>
>>>> Thanks Pierre for the quick response. I have followed the same doc and
>>>> this is the 3rd version upgrade I am doing for nifi.
>>>>
>>>>
>>>>
>>>> Actually if u see the last line of the error it looks like aes/gcm/256
>>>> is not supported.
>>>>
>>>>
>>>>
>>>> So if you could point something I am doing wrong for this specific
>>>> 1.16.1 version then it would be really helpful for me.
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Sanjeet
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard <
>>>> pierre.villard.fr@gmail.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>>
>>>>
>>>> I recommend reading the migration guidance documentation:
>>>>
>>>> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance
>>>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0>
>>>>
>>>>
>>>>
>>>> HTH,
>>>>
>>>> Pierre
>>>>
>>>>
>>>>
>>>> Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com> a
>>>> écrit :
>>>>
>>>> Hi ,
>>>>
>>>>
>>>>
>>>> I am facing one issue in migration from 1.12 to 1.16.1 .
>>>>
>>>> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
>>>> authorisation user file my previous 1.12 version of cluster to this new
>>>> cluster.
>>>>
>>>>
>>>>
>>>> When I am starting the cluster with all the keystone password in
>>>> authoriser and loginidentifer and nifi sensitive key value unencrypted in
>>>> nifi properties file. Then cluster came without any issue.
>>>>
>>>>
>>>>
>>>> When I am encrypting using keytool , all the properties are succefully
>>>> encrypted. How ever while starting the cluster getting one error
>>>>
>>>>
>>>>
>>>> Error in creating bean with name ‘authoriser’ factory bean threw
>>>> exception on object creation nested exception is org.apache.nifi.project.
>>>> Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
>>>> not supported.
>>>>
>>>>
>>>>
>>>> Any hint is really helpful as trying from last 2 days.
>>>>
>>>>
>>>>
>>>> Thanks and regards
>>>>
>>>> Sanjeet
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Sanjeet Kumar Rath,
>>>> mob- +91 8777577470
>>>>
>>>> --
>>>>
>>>> Sanjeet Kumar Rath,
>>>> mob- +91 8777577470
>>>>
>>> --
>>> Sanjeet Kumar Rath,
>>> mob- +91 8777577470
>>>
>>> --
Sanjeet Kumar Rath,
mob- +91 8777577470

Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

[David Handermann <ex...@apache.org>]

Hi Sanjeet,

Following up on my previous reply, the potential workaround would actually
require changing "aes/gcm/256" to "AES_GCM". I am looking into addressing
this problem in a Jira issue.

Regards,
David Handermann

On Wed, May 4, 2022 at 11:41 AM David Handermann <
exceptionfactory@apache.org> wrote:

> Hi Sanjeet,
>
> Reviewing the implementation related to the error message you provided, it
> looks like this could be a bug with decrypting values in authorizers.xml.
>
> As a workaround, can you try manually editing authorizers.xml and
> login-identity-providers.xml, changing "aes/gcm/256" to just "aes/gcm"?
>
> The protection scheme resolver should match the standard value, but there
> may be a problem with the comparison of encryption scheme names.  Changing
> the "encryption" attribute value to "aes/gcm" may work around the problem,
> but it sounds like this may need to be addressed in a Jira issue.
>
> Regards,
> David Handermann
>
> On Wed, May 4, 2022 at 11:22 AM sanjeet rath <ra...@gmail.com>
> wrote:
>
>> Hi Isha,
>>
>> We are using same java instalation.
>>
>> Our java version is open idk 11.
>>
>> In the same system only we are able to encrypt aes/gcm/256 for our old
>> 1.12.1 nifi version.
>>
>> Thanks,
>> Sanjeet
>>
>>
>> On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo <
>> isha.lamboo@virtualsciences.nl> wrote:
>>
>>> Hi Sanjeeth,
>>>
>>>
>>>
>>> Are you performing the toolkit encryption using the same java
>>> installation that’s running the NiFi server?
>>>
>>>
>>>
>>> If not, you may be running into problems because of encryption
>>> limitations on the java version on your NiFi server.
>>>
>>> I think AES256 needs the “Unlimited Strength Encryption” policy and that
>>> may not be enabled (or even allowed to be enabled in your country).
>>>
>>>
>>>
>>> If you run the toolkit with the same java installation as the server,
>>> you can verify this. It should either use aes/gcm/128 or give the same
>>> error if it tries to use aes/gcm/256.
>>>
>>>
>>>
>>> Another thing to check is whether you’re using Java 8-251 or newer as
>>> the migration guidance states.
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Isha
>>>
>>>
>>>
>>>
>>>
>>> *Van:* sanjeet rath <ra...@gmail.com>
>>> *Verzonden:* woensdag 4 mei 2022 17:09
>>> *Aan:* users@nifi.apache.org
>>> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of
>>> sensitive values
>>>
>>>
>>>
>>> Thanks Pierre for the quick response. I have followed the same doc and
>>> this is the 3rd version upgrade I am doing for nifi.
>>>
>>>
>>>
>>> Actually if u see the last line of the error it looks like aes/gcm/256
>>> is not supported.
>>>
>>>
>>>
>>> So if you could point something I am doing wrong for this specific
>>> 1.16.1 version then it would be really helpful for me.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Sanjeet
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard <
>>> pierre.villard.fr@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>>
>>>
>>> I recommend reading the migration guidance documentation:
>>>
>>> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance
>>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0>
>>>
>>>
>>>
>>> HTH,
>>>
>>> Pierre
>>>
>>>
>>>
>>> Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com> a
>>> écrit :
>>>
>>> Hi ,
>>>
>>>
>>>
>>> I am facing one issue in migration from 1.12 to 1.16.1 .
>>>
>>> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
>>> authorisation user file my previous 1.12 version of cluster to this new
>>> cluster.
>>>
>>>
>>>
>>> When I am starting the cluster with all the keystone password in
>>> authoriser and loginidentifer and nifi sensitive key value unencrypted in
>>> nifi properties file. Then cluster came without any issue.
>>>
>>>
>>>
>>> When I am encrypting using keytool , all the properties are succefully
>>> encrypted. How ever while starting the cluster getting one error
>>>
>>>
>>>
>>> Error in creating bean with name ‘authoriser’ factory bean threw
>>> exception on object creation nested exception is org.apache.nifi.project.
>>> Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
>>> not supported.
>>>
>>>
>>>
>>> Any hint is really helpful as trying from last 2 days.
>>>
>>>
>>>
>>> Thanks and regards
>>>
>>> Sanjeet
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Sanjeet Kumar Rath,
>>> mob- +91 8777577470
>>>
>>> --
>>>
>>> Sanjeet Kumar Rath,
>>> mob- +91 8777577470
>>>
>> --
>> Sanjeet Kumar Rath,
>> mob- +91 8777577470
>>
>>

Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

[David Handermann <ex...@apache.org>]

Hi Sanjeet,

Reviewing the implementation related to the error message you provided, it
looks like this could be a bug with decrypting values in authorizers.xml.

As a workaround, can you try manually editing authorizers.xml and
login-identity-providers.xml, changing "aes/gcm/256" to just "aes/gcm"?

The protection scheme resolver should match the standard value, but there
may be a problem with the comparison of encryption scheme names.  Changing
the "encryption" attribute value to "aes/gcm" may work around the problem,
but it sounds like this may need to be addressed in a Jira issue.

Regards,
David Handermann

On Wed, May 4, 2022 at 11:22 AM sanjeet rath <ra...@gmail.com> wrote:

> Hi Isha,
>
> We are using same java instalation.
>
> Our java version is open idk 11.
>
> In the same system only we are able to encrypt aes/gcm/256 for our old
> 1.12.1 nifi version.
>
> Thanks,
> Sanjeet
>
>
> On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo <is...@virtualsciences.nl>
> wrote:
>
>> Hi Sanjeeth,
>>
>>
>>
>> Are you performing the toolkit encryption using the same java
>> installation that’s running the NiFi server?
>>
>>
>>
>> If not, you may be running into problems because of encryption
>> limitations on the java version on your NiFi server.
>>
>> I think AES256 needs the “Unlimited Strength Encryption” policy and that
>> may not be enabled (or even allowed to be enabled in your country).
>>
>>
>>
>> If you run the toolkit with the same java installation as the server, you
>> can verify this. It should either use aes/gcm/128 or give the same error if
>> it tries to use aes/gcm/256.
>>
>>
>>
>> Another thing to check is whether you’re using Java 8-251 or newer as the
>> migration guidance states.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Isha
>>
>>
>>
>>
>>
>> *Van:* sanjeet rath <ra...@gmail.com>
>> *Verzonden:* woensdag 4 mei 2022 17:09
>> *Aan:* users@nifi.apache.org
>> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of sensitive
>> values
>>
>>
>>
>> Thanks Pierre for the quick response. I have followed the same doc and
>> this is the 3rd version upgrade I am doing for nifi.
>>
>>
>>
>> Actually if u see the last line of the error it looks like aes/gcm/256 is
>> not supported.
>>
>>
>>
>> So if you could point something I am doing wrong for this specific 1.16.1
>> version then it would be really helpful for me.
>>
>>
>>
>> Thanks,
>>
>> Sanjeet
>>
>>
>>
>>
>>
>>
>>
>> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard <
>> pierre.villard.fr@gmail.com> wrote:
>>
>> Hi,
>>
>>
>>
>> I recommend reading the migration guidance documentation:
>>
>> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0>
>>
>>
>>
>> HTH,
>>
>> Pierre
>>
>>
>>
>> Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com> a
>> écrit :
>>
>> Hi ,
>>
>>
>>
>> I am facing one issue in migration from 1.12 to 1.16.1 .
>>
>> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
>> authorisation user file my previous 1.12 version of cluster to this new
>> cluster.
>>
>>
>>
>> When I am starting the cluster with all the keystone password in
>> authoriser and loginidentifer and nifi sensitive key value unencrypted in
>> nifi properties file. Then cluster came without any issue.
>>
>>
>>
>> When I am encrypting using keytool , all the properties are succefully
>> encrypted. How ever while starting the cluster getting one error
>>
>>
>>
>> Error in creating bean with name ‘authoriser’ factory bean threw
>> exception on object creation nested exception is org.apache.nifi.project.
>> Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
>> not supported.
>>
>>
>>
>> Any hint is really helpful as trying from last 2 days.
>>
>>
>>
>> Thanks and regards
>>
>> Sanjeet
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> Sanjeet Kumar Rath,
>> mob- +91 8777577470
>>
>> --
>>
>> Sanjeet Kumar Rath,
>> mob- +91 8777577470
>>
> --
> Sanjeet Kumar Rath,
> mob- +91 8777577470
>
>

Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

[sanjeet rath <ra...@gmail.com>]

Hi Isha,

We are using same java instalation.

Our java version is open idk 11.

In the same system only we are able to encrypt aes/gcm/256 for our old
1.12.1 nifi version.

Thanks,
Sanjeet


On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo <is...@virtualsciences.nl>
wrote:

> Hi Sanjeeth,
>
>
>
> Are you performing the toolkit encryption using the same java installation
> that’s running the NiFi server?
>
>
>
> If not, you may be running into problems because of encryption limitations
> on the java version on your NiFi server.
>
> I think AES256 needs the “Unlimited Strength Encryption” policy and that
> may not be enabled (or even allowed to be enabled in your country).
>
>
>
> If you run the toolkit with the same java installation as the server, you
> can verify this. It should either use aes/gcm/128 or give the same error if
> it tries to use aes/gcm/256.
>
>
>
> Another thing to check is whether you’re using Java 8-251 or newer as the
> migration guidance states.
>
>
>
> Regards,
>
>
>
> Isha
>
>
>
>
>
> *Van:* sanjeet rath <ra...@gmail.com>
> *Verzonden:* woensdag 4 mei 2022 17:09
> *Aan:* users@nifi.apache.org
> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of sensitive
> values
>
>
>
> Thanks Pierre for the quick response. I have followed the same doc and
> this is the 3rd version upgrade I am doing for nifi.
>
>
>
> Actually if u see the last line of the error it looks like aes/gcm/256 is
> not supported.
>
>
>
> So if you could point something I am doing wrong for this specific 1.16.1
> version then it would be really helpful for me.
>
>
>
> Thanks,
>
> Sanjeet
>
>
>
>
>
>
>
> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard <pi...@gmail.com>
> wrote:
>
> Hi,
>
>
>
> I recommend reading the migration guidance documentation:
>
> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0>
>
>
>
> HTH,
>
> Pierre
>
>
>
> Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com> a
> écrit :
>
> Hi ,
>
>
>
> I am facing one issue in migration from 1.12 to 1.16.1 .
>
> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
> authorisation user file my previous 1.12 version of cluster to this new
> cluster.
>
>
>
> When I am starting the cluster with all the keystone password in
> authoriser and loginidentifer and nifi sensitive key value unencrypted in
> nifi properties file. Then cluster came without any issue.
>
>
>
> When I am encrypting using keytool , all the properties are succefully
> encrypted. How ever while starting the cluster getting one error
>
>
>
> Error in creating bean with name ‘authoriser’ factory bean threw exception
> on object creation nested exception is org.apache.nifi.project.
> Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
> not supported.
>
>
>
> Any hint is really helpful as trying from last 2 days.
>
>
>
> Thanks and regards
>
> Sanjeet
>
>
>
>
>
>
>
>
>
> --
>
> Sanjeet Kumar Rath,
> mob- +91 8777577470
>
> --
>
> Sanjeet Kumar Rath,
> mob- +91 8777577470
>
-- 
Sanjeet Kumar Rath,
mob- +91 8777577470

RE: Nifi 1.16.1 migration failed for encrypted of sensitive values

[Isha Lamboo <is...@virtualsciences.nl>]

Hi Sanjeeth,

Are you performing the toolkit encryption using the same java installation that’s running the NiFi server?

If not, you may be running into problems because of encryption limitations on the java version on your NiFi server.
I think AES256 needs the “Unlimited Strength Encryption” policy and that may not be enabled (or even allowed to be enabled in your country).

If you run the toolkit with the same java installation as the server, you can verify this. It should either use aes/gcm/128 or give the same error if it tries to use aes/gcm/256.

Another thing to check is whether you’re using Java 8-251 or newer as the migration guidance states.

Regards,

Isha


Van: sanjeet rath <ra...@gmail.com>
Verzonden: woensdag 4 mei 2022 17:09
Aan: users@nifi.apache.org
Onderwerp: Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

Thanks Pierre for the quick response. I have followed the same doc and this is the 3rd version upgrade I am doing for nifi.

Actually if u see the last line of the error it looks like aes/gcm/256 is not supported.

So if you could point something I am doing wrong for this specific 1.16.1 version then it would be really helpful for me.

Thanks,
Sanjeet



On Wed, 4 May 2022 at 8:20 PM, Pierre Villard <pi...@gmail.com>> wrote:
Hi,

I recommend reading the migration guidance documentation:
https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0>

HTH,
Pierre

Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com>> a écrit :
Hi ,

I am facing one issue in migration from 1.12 to 1.16.1 .
I have created one 1.16.1 cluster.And copied flow.xml , authoriser and authorisation user file my previous 1.12 version of cluster to this new cluster.

When I am starting the cluster with all the keystone password in authoriser and loginidentifer and nifi sensitive key value unencrypted in nifi properties file. Then cluster came without any issue.

When I am encrypting using keytool , all the properties are succefully encrypted. How ever while starting the cluster getting one error

Error in creating bean with name ‘authoriser’ factory bean threw exception on object creation nested exception is org.apache.nifi.project. Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is not supported.

Any hint is really helpful as trying from last 2 days.

Thanks and regards
Sanjeet




--
Sanjeet Kumar Rath,
mob- +91 8777577470
--
Sanjeet Kumar Rath,
mob- +91 8777577470

Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

[sanjeet rath <ra...@gmail.com>]

Thanks Pierre for the quick response. I have followed the same doc and this
is the 3rd version upgrade I am doing for nifi.

Actually if u see the last line of the error it looks like aes/gcm/256 is
not supported.

So if you could point something I am doing wrong for this specific 1.16.1
version then it would be really helpful for me.

Thanks,
Sanjeet



On Wed, 4 May 2022 at 8:20 PM, Pierre Villard <pi...@gmail.com>
wrote:

> Hi,
>
> I recommend reading the migration guidance documentation:
> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance
>
> HTH,
> Pierre
>
> Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com> a
> écrit :
>
>> Hi ,
>>
>> I am facing one issue in migration from 1.12 to 1.16.1 .
>> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
>> authorisation user file my previous 1.12 version of cluster to this new
>> cluster.
>>
>> When I am starting the cluster with all the keystone password in
>> authoriser and loginidentifer and nifi sensitive key value unencrypted in
>> nifi properties file. Then cluster came without any issue.
>>
>> When I am encrypting using keytool , all the properties are succefully
>> encrypted. How ever while starting the cluster getting one error
>>
>> Error in creating bean with name ‘authoriser’ factory bean threw
>> exception on object creation nested exception is org.apache.nifi.project.
>> Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
>> not supported.
>>
>> Any hint is really helpful as trying from last 2 days.
>>
>> Thanks and regards
>> Sanjeet
>>
>>
>>
>>
>> --
>> Sanjeet Kumar Rath,
>> mob- +91 8777577470
>>
>> --
Sanjeet Kumar Rath,
mob- +91 8777577470

Re: Nifi 1.16.1 migration failed for encrypted of sensitive values

[Pierre Villard <pi...@gmail.com>]

Hi,

I recommend reading the migration guidance documentation:
https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance

HTH,
Pierre

Le mer. 4 mai 2022 à 16:46, sanjeet rath <ra...@gmail.com> a écrit :

> Hi ,
>
> I am facing one issue in migration from 1.12 to 1.16.1 .
> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and
> authorisation user file my previous 1.12 version of cluster to this new
> cluster.
>
> When I am starting the cluster with all the keystone password in
> authoriser and loginidentifer and nifi sensitive key value unencrypted in
> nifi properties file. Then cluster came without any issue.
>
> When I am encrypting using keytool , all the properties are succefully
> encrypted. How ever while starting the cluster getting one error
>
> Error in creating bean with name ‘authoriser’ factory bean threw exception
> on object creation nested exception is org.apache.nifi.project.
> Senstivepropertyprotectionexception: protection scheme  [aes/gcm/256] is
> not supported.
>
> Any hint is really helpful as trying from last 2 days.
>
> Thanks and regards
> Sanjeet
>
>
>
>
> --
> Sanjeet Kumar Rath,
> mob- +91 8777577470
>
>