You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/01/12 16:00:00 UTC

[jira] [Commented] (NIFI-8094) Support BCFKS Keystore Type

    [ https://issues.apache.org/jira/browse/NIFI-8094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17263452#comment-17263452 ] 

ASF subversion and git services commented on NIFI-8094:
-------------------------------------------------------

Commit 7d76bcd5202a8680c952d3a19072087a971d0b69 in nifi's branch refs/heads/main from exceptionfactory
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=7d76bcd ]

NIFI-8094 Added support for BCFKS Keystore Type

NIFI-8094 Updated Administration Guide to include BCFKS

Signed-off-by: Nathan Gough <th...@gmail.com>

This closes #4729.


> Support BCFKS Keystore Type
> ---------------------------
>
>                 Key: NIFI-8094
>                 URL: https://issues.apache.org/jira/browse/NIFI-8094
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Extensions, Security
>    Affects Versions: 1.12.1
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>              Labels: FIPS, security
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> The [Bouncy Castle FIPS Key Store|https://cryptosense.com/blog/bouncycastle-keystore-security/] (BCFKS) format supports storage of certificates and private keys using AES-CCM and PBKDF2 algorithms, providing greater security than the standard JKS and PKCS12 implementations. Support for BCFKS can be implemented using Bouncy Castle security provider libraries that are already leveraged throughout the system.
> Initial support should include the ability to specify BCFKS as the key store and trust store type in standard properties files as well as the ability to select BCFKS in implementations of the SSLContextService.
> Extension components that do not use {{SSLContextService.createSSLContext()}} may need additional work, which should be addressed in related issues following this implementation.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)