[
https://issues.apache.org/jira/browse/NIFI-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15041625#comment-15041625
]
Aldrin Piri commented on NIFI-1242:
-----------------------------------
Ran into some failed tests.
Failed tests:
TestEncryptContent.testShouldDecryptOpenSSLRawSalted:104 Expected all
Transferred FlowFiles to go to success but 1 were routed to failure
TestEncryptContent.testShouldDecryptOpenSSLRawUnsalted:135 Expected all
Transferred FlowFiles to go to success but 1 were routed to failure
These seem to stem from the fact that the environment this work was developed
on included the JCE to allow for the unlimited strength jurisdiction policies
but pushed beyond the key size for a vanilla JDK install.
> Password-based encryption is not compatible with OpenSSL
> --------------------------------------------------------
>
> Key: NIFI-1242
> URL: https://issues.apache.org/jira/browse/NIFI-1242
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 0.4.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Critical
> Labels: security
> Fix For: 0.4.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Despite the algorithm names indicating compatibility with OpenSSL, the
> current password-based encryption processors cannot decrypt data that was
> encrypted with OpenSSL external to NiFi.
> I will create a new OpenSSLPBEEncryptor implementation, a new
> EncryptionMethod, and wire the logic in EncryptContent to select the correct
> encryptor.
> I have a more in-depth explanation of the issue at
> https://github.com/alopresto/opensslpbeencryptor/blob/master/blog.md, but the
> fix is done in a sandbox and will be moved into NiFi by morning 12/03/15.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
