You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/12/08 18:47:59 UTC
[jira] [Updated] (NIFI-3171) Improve error message when long
password is used for config encryption on machine without JCE policies
[ https://issues.apache.org/jira/browse/NIFI-3171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto updated NIFI-3171:
--------------------------------
Priority: Minor (was: Major)
> Improve error message when long password is used for config encryption on machine without JCE policies
> ------------------------------------------------------------------------------------------------------
>
> Key: NIFI-3171
> URL: https://issues.apache.org/jira/browse/NIFI-3171
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.1.0
> Reporter: Andy LoPresto
> Priority: Minor
> Labels: encryption, security
>
> If the user runs {{./bin/encrypt-config.sh}} with a password longer than 16 bytes on a machine without the JCE unlimited strength cryptographic jurisdiction policies installed, an Illegal Key Size exception will be thrown and the full stack trace will be printed (in verbose mode).
> We should detect the absence/presence of strong crypto availability and perform a length check on the password before attempting to derive the encryption key from this value in order to provide better error messaging.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)