You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Troy Melhase (Jira)" <ji...@apache.org> on 2020/04/06 16:32:00 UTC
[jira] [Commented] (NIFI-7322) Add SignContentPGP and
VerifyContentPGP Processors
[ https://issues.apache.org/jira/browse/NIFI-7322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17076457#comment-17076457 ]
Troy Melhase commented on NIFI-7322:
------------------------------------
[~david.margolis] thank you for your time reviewing the PGP processors and services code in #4077. I'm not sure if the Sign PGP processor needs to grow this behavior or if another processor (or two) should have it, but I think we can address this soon.
> Add SignContentPGP and VerifyContentPGP Processors
> --------------------------------------------------
>
> Key: NIFI-7322
> URL: https://issues.apache.org/jira/browse/NIFI-7322
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions, Security
> Affects Versions: 1.7.0
> Reporter: David Margolis
> Priority: Major
> Labels: encryption, pgp, signing
>
> Users have requested the capability to [sign|https://www.gnupg.org/gph/en/manual/r606.html] content directly with pgp in addition to storing the signature in an attribute (SignContentAttributePGP). There should be options to [clearsign|https://www.gnupg.org/gph/en/manual/r684.html] and [armor|https://www.gnupg.org/gph/en/manual/r1290.html] the content. There should be an option to produce the [detached|https://www.gnupg.org/gph/en/manual/r622.html] signature as it's own flowfile.
> Pairing with this processor, users have requested the capability to [verify|https://www.gnupg.org/gph/en/manual/r697.html] signed content with pgp in addition to verifying the signature in an attribute (VerifyContentAttributePGP). There should be options to verify clearsigned and armored content also.
> Finally, the DecryptContentPGP processor should be able to [decrypt|https://www.gnupg.org/gph/en/manual/r669.html] the signed content, so that just the unsigned content remains.
> These processors should use the PGPKeyMaterialService.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)