Posted to issues@nifi.apache.org by "Andy LoPresto (Jira)" <ji...@apache.org> on 2020/07/14 23:42:00 UTC
[jira] [Created] (NIFI-7638) Add PBE AEAD sensitive flow property protection scheme
Andy LoPresto created NIFI-7638:
-----------------------------------
Summary: Add PBE AEAD sensitive flow property protection scheme
Key: NIFI-7638
URL: https://issues.apache.org/jira/browse/NIFI-7638
Project: Apache NiFi
Issue Type: Improvement
Components: Configuration Management, Core Framework
Affects Versions: 1.11.4
Reporter: Andy LoPresto
Assignee: Andy LoPresto
A user requested a change from AES-CBC to AES-GCM for the {{nifi.sensitive.props.algorithm}} in {{nifi.properties}}. The current possible values are all {{EncryptionMethod}} enum values, which include raw (directly-keyed vs. PBE) AES-GCM, but this would require a valid hexadecimal-encoded AES key in the {{nifi.sensitive.props.key}} value. One or more new {{EncryptionMethod}} entries which combine reasonable default values for a KDF (Argon2, bcrypt, scrypt, PBKDF2) and AEAD mode of operation (AES-GCM) would allow for simpler configuration and migration. The other option is to enhance the {{EncryptionMethod}} enum values with custom values in the {{NiFiProperties}} or {{StringEncryptor}} class which provide an additional level of security without modifying the {{EncryptionMethod}} enum directly, as the {{EncryptContent}} processor already allows independent configuration of a KDF and cipher algorithm (see NIFI-7122 / [PR 4228|https://github.com/apache/nifi/pull/4228]).