You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nifi.apache.org by Phil H <gi...@gmail.com> on 2021/12/21 22:37:47 UTC

Issue with setting nifi.sensitive.props.key

Hi there,

I am in the process of trying to upgrade from 13.2 to 15.1. I did not have
a sensitive props key set previously. Based on the upgrade guide, I ran

nifi.sh set-sensitive-properties-key APassword

When I ran nifi, it was complaining about a lack of specified algorithm. I
ran up a new installation of 15.1 on another machine which automatically
specified an algorithm of NIFI_PBKDF2_AES_GCM_256. I copied this value to
my existing install’s nifi.properties.

When I run nifi now, it halts with a javax.crypto.AEADBadTagException: mac
check in GCM failed

If I try the same set-sensitive-properties-key command again, it now fails
with the same ‘GCM failed’ exception. If I remove the algorithm line from
the nifi.properties file, this command works, but then starting nifi gives
me an “NullPointerException: Algorithm required”

Not sure what I am missing here!

Help!

Thanks,
Phil

Re: Issue with setting nifi.sensitive.props.key

Posted by David Handermann <ex...@apache.org>.

Phil,

The section of the post describing setting the sensitive properties
algorithm includes an example toolkit command that can be used to change
the sensitive properties algorithm:

https://exceptionfactory.com/posts/2021/07/29/deciphering-apache-nifi-component-property-encryption/#setting-the-sensitive-properties-algorithm

When upgrading from a previous version of NiFi, you need to start with the
previous default value for the algorithm specified in nifi.properties:

nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL

With that value, you should be able to run the set-sensitive-properties-key
command.  If you want to change the algorithm to the new default of
NIFI_PBKDF2_AES_GCM_256, then you can use the encrypt-config.sh toolkit
command described.

Regards,
David Handermann


On Tue, Dec 21, 2021 at 4:43 PM Joe Witt <jo...@gmail.com> wrote:

> Phil
>
> Not sure if this helps but DavidH wrote this
>
> https://exceptionfactory.com/posts/2021/07/29/deciphering-apache-nifi-component-property-encryption/#mandatory-sensitive-properties-key
>
> Thanks
>
> On Tue, Dec 21, 2021 at 3:38 PM Phil H <gi...@gmail.com> wrote:
> >
> > Hi there,
> >
> > I am in the process of trying to upgrade from 13.2 to 15.1. I did not
> have
> > a sensitive props key set previously. Based on the upgrade guide, I ran
> >
> > nifi.sh set-sensitive-properties-key APassword
> >
> > When I ran nifi, it was complaining about a lack of specified algorithm.
> I
> > ran up a new installation of 15.1 on another machine which automatically
> > specified an algorithm of NIFI_PBKDF2_AES_GCM_256. I copied this value to
> > my existing install’s nifi.properties.
> >
> > When I run nifi now, it halts with a javax.crypto.AEADBadTagException:
> mac
> > check in GCM failed
> >
> > If I try the same set-sensitive-properties-key command again, it now
> fails
> > with the same ‘GCM failed’ exception. If I remove the algorithm line from
> > the nifi.properties file, this command works, but then starting nifi
> gives
> > me an “NullPointerException: Algorithm required”
> >
> > Not sure what I am missing here!
> >
> > Help!
> >
> > Thanks,
> > Phil
>

Re: Issue with setting nifi.sensitive.props.key

Posted by Joe Witt <jo...@gmail.com>.

Phil

Not sure if this helps but DavidH wrote this
https://exceptionfactory.com/posts/2021/07/29/deciphering-apache-nifi-component-property-encryption/#mandatory-sensitive-properties-key

Thanks

On Tue, Dec 21, 2021 at 3:38 PM Phil H <gi...@gmail.com> wrote:
>
> Hi there,
>
> I am in the process of trying to upgrade from 13.2 to 15.1. I did not have
> a sensitive props key set previously. Based on the upgrade guide, I ran
>
> nifi.sh set-sensitive-properties-key APassword
>
> When I ran nifi, it was complaining about a lack of specified algorithm. I
> ran up a new installation of 15.1 on another machine which automatically
> specified an algorithm of NIFI_PBKDF2_AES_GCM_256. I copied this value to
> my existing install’s nifi.properties.
>
> When I run nifi now, it halts with a javax.crypto.AEADBadTagException: mac
> check in GCM failed
>
> If I try the same set-sensitive-properties-key command again, it now fails
> with the same ‘GCM failed’ exception. If I remove the algorithm line from
> the nifi.properties file, this command works, but then starting nifi gives
> me an “NullPointerException: Algorithm required”
>
> Not sure what I am missing here!
>
> Help!
>
> Thanks,
> Phil