You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/01/08 23:25:16 UTC

[GitHub] [nifi] alopresto commented on issue #3968: NIFI-3833 Implemented encrypted flowfile repository

alopresto commented on issue #3968: NIFI-3833 Implemented encrypted flowfile repository
URL: https://github.com/apache/nifi/pull/3968#issuecomment-572307305
 
 
   To verify that the flowfile repository files are encrypted, you can use any hex view tool (Hex Fiend, `xxd`,  etc.) to examine `$NIFI_HOME/flowfile_repository/checkpoint` and `$NIFI_HOME/flowfile_repository/journals/*.journal`. The beginning will be the serialization of the schema header, which is not sensitive and therefore not encrypted. After ~7300 bytes, you will find the beginning of the flowfile record serialization. In plaintext form, you would be able to read the attributes in plaintext. In encrypted form, you will see the Java serialization of the `RepositoryObjectEncryptionMetadata` class, containing `cipherByteLength`, `algorithm`, `ivBytes`, `version`, and `keyId`. Following those field names, you should see recognizable sequences like `K1` and `AES/GCM/NoPadding`. See example below. 
   
   <img width="1381" alt="Example encrypted journal file" src="https://user-images.githubusercontent.com/798465/72024771-065d9400-322b-11ea-8412-099c83b6f7f2.png">
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services