You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/03/02 04:47:00 UTC
[jira] [Commented] (NIFI-7872) EncryptContent should be able to
decrypt signed files
[ https://issues.apache.org/jira/browse/NIFI-7872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17293345#comment-17293345 ]
David Handermann commented on NIFI-7872:
----------------------------------------
GitHub PR 4842 for NIFI-8251 includes a new DecryptContentPGP which supports decrypting OpenPGP files regardless of signing.
> EncryptContent should be able to decrypt signed files
> -----------------------------------------------------
>
> Key: NIFI-7872
> URL: https://issues.apache.org/jira/browse/NIFI-7872
> Project: Apache NiFi
> Issue Type: Wish
> Reporter: Wiktor Kubicki
> Priority: Minor
> Labels: encryption, security
>
> Hello,
> processor EcryptContent is excelent solution to add extra layer of security when there is a need, for example, to exchange files outside own infrastructure. But files enrypted by it, cannot be signed.
> And this is not such a big issue. More problematic is, when we are trying process files from others, which is signed. Then NiFi throws exception "encrypted message contains a signed message - not literal data.". (here: [gitlab|https://github.com/apache/nifi/blob/f32405ed16b7e07a0d445f1ed19032acaf33246d/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/security/util/crypto/OpenPGPKeyBasedEncryptor.java#L301])
> Allright, i know that maybe adding support for public keyrings, checking signatures etc needs extra development, but maybe there should be extra checkbox in proessor configuration "ignore signatures" which can give us posibillity to read encrypted files, even if they are signed?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)