You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/01/19 20:23:00 UTC

[jira] [Updated] (NIFI-8549) Upgrade MiNiFi default sensitive properties algorithm

     [ https://issues.apache.org/jira/browse/NIFI-8549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-8549:
-----------------------------------
    Summary: Upgrade MiNiFi default sensitive properties algorithm  (was: Evaluate the usage of strong encryption and bouncycastle being enabled)

> Upgrade MiNiFi default sensitive properties algorithm
> -----------------------------------------------------
>
>                 Key: NIFI-8549
>                 URL: https://issues.apache.org/jira/browse/NIFI-8549
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: MiNiFi
>            Reporter: Andy LoPresto
>            Assignee: David Handermann
>            Priority: Major
>
> {quote}
> * Could we please change the default algorithm for protecting sensitive property values to something stronger than the current selection? I would open a Jira if necessary, but this is one of those things that is really better to do before the first release so users have a backward-compatible config.yml file moving forward. If we change it in a subsequent release, we will need to do significant migration hand-holding. My suggestion would be "PBEWITHSHA256AND256BITAES-CBC-BC” which is significantly stronger, but after trying a few BC options, I continue to get EncryptionExceptions even though I have the JCE unlimited cryptographic strength jurisdiction policy files installed, so this may be a 0.0.2 fix. Is BouncyCastle not enabled by default?
> {quote}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)