You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/02/24 19:06:00 UTC

[jira] [Commented] (NIFI-7322) Add SignContentPGP and VerifyContentPGP Processors

    [ https://issues.apache.org/jira/browse/NIFI-7322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290204#comment-17290204 ] 

David Handermann commented on NIFI-7322:
----------------------------------------

NIFI-8251 implemented in [GitHub PR 4842|https://github.com/apache/nifi/pull/4842] provides a different approach to implementing to new Encrypt and Decrypt Processors and Controller Services for PGP. The Public Key and Private Key Controller Services included could support the implementation of new Sign and Verify Processors for PGP as described.

> Add SignContentPGP and VerifyContentPGP Processors
> --------------------------------------------------
>
>                 Key: NIFI-7322
>                 URL: https://issues.apache.org/jira/browse/NIFI-7322
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions, Security
>    Affects Versions: 1.7.0
>            Reporter: David Margolis
>            Priority: Major
>              Labels: encryption, pgp, signing
>
> Users have requested the capability to [sign|https://www.gnupg.org/gph/en/manual/r606.html] content directly with pgp in addition to storing the signature in an attribute (SignContentAttributePGP). There should be options to [clearsign|https://www.gnupg.org/gph/en/manual/r684.html] and [armor|https://www.gnupg.org/gph/en/manual/r1290.html] the content. There should be an option to produce the [detached|https://www.gnupg.org/gph/en/manual/r622.html] signature as it's own flowfile.
> Pairing with this processor, users have requested the capability to [verify|https://www.gnupg.org/gph/en/manual/r697.html] signed content with pgp in addition to verifying the signature in an attribute (VerifyContentAttributePGP). There should be options to verify clearsigned and armored content also.
> Finally, the DecryptContentPGP processor should be able to [decrypt|https://www.gnupg.org/gph/en/manual/r669.html] the signed content, so that just the unsigned content remains.
> These processors should use the PGPKeyMaterialService.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)