[
https://issues.apache.org/jira/browse/NIFI-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15041548#comment-15041548
]
Joseph Witt commented on NIFI-1242:
-----------------------------------
of note the key-length supported is something we've never done a good job of
being clear about. This code seems to be a way we could provide real validation
{code}
int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
{code}
That is from
http://www.javamex.com/tutorials/cryptography/unrestricted_policy_files.shtml
> Password-based encryption is not compatible with OpenSSL
> --------------------------------------------------------
>
> Key: NIFI-1242
> URL: https://issues.apache.org/jira/browse/NIFI-1242
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 0.4.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Critical
> Labels: security
> Fix For: 0.4.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Despite the algorithm names indicating compatibility with OpenSSL, the
> current password-based encryption processors cannot decrypt data that was
> encrypted with OpenSSL external to NiFi.
> I will create a new OpenSSLPBEEncryptor implementation, a new
> EncryptionMethod, and wire the logic in EncryptContent to select the correct
> encryptor.
> I have a more in-depth explanation of the issue at
> https://github.com/alopresto/opensslpbeencryptor/blob/master/blog.md, but the
> fix is done in a sandbox and will be moved into NiFi by morning 12/03/15.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
