The only other thing I can think of off the top of my head is that the userID specification may have changed with the BouncyCastle upgrade and the provided userID of just an email may be incomplete? In my testing, I had to specify the "name", "description", and "email" fields from the key in the format below in order to match the exact format that the library reads from the keyring.
userID = "Name (Description) <Email>" You can test this and evaluate what the library sees as the key userID by attaching a remote debugger to your running instance and evaluating inside the iterator loop here [1]. I'm not sure what version of GPG you're running, but it is worth investigating if the format of the stored key no longer matches how NiFi was reading it. [1] https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/crypto/OpenPGPKeyBasedEncryptor.java#L200 Andy LoPresto [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Mar 28, 2016, at 18:24, Andy LoPresto <[email protected]> wrote: > > Forgot to mention you’ll want to change the input/output directories in the > GetFile and PutFile processors, as well as the paths to the public and secret > keyring, the user ID, and the password for the EncryptContent processors. > > Andy LoPresto > [email protected] > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > >> On Mar 28, 2016, at 4:04 PM, Andy LoPresto <[email protected]> >> wrote: >> >> Hi Alan, >> >> I am investigating this issue (spinning up an instance, setting up a flow >> that involves PGP encryption and decryption, etc.) to verify. >> >> As an aside, the setting for “Key Derivation Function” is irrelevant if >> “Encryption Algorithm” is set to “PGP” or “PGP_ASCII_ARMOR”. The KDF is >> required for symmetric encryption (deriving a key from the provided >> password), but not used for PGP encryption/decryption at all. Unfortunately, >> we cannot currently display/hide or change the required-ness of processor >> properties based on the value of other properties. There is an existing Jira >> open [1] to enhance this functionality. Perhaps this can be better >> documented in the Admin Guide [2]. >> >> Can you also provide the full stacktrace and your system configuration, if >> possible, to help with the troubleshooting? Thank you. >> >> [1] https://issues.apache.org/jira/browse/NIFI-1121 >> [2] >> https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#encryption >> >> >> Andy LoPresto >> [email protected] >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >>> On Mar 28, 2016, at 2:18 PM, Alan Jackoway <[email protected]> wrote: >>> >>> Hello, >>> >>> I had an EncryptContent processor running with PGP public key encryption >>> when we were running NiFi 0.4.x. >>> >>> We recently went up to a 0.5.x, which includes NIFI-1257 and NIFI-1259. Now >>> my EncryptContent processors are failing to validate my key with an error >>> message: >>> 'Public Keyring File' is invalid because Invalid Public Keyring File >>> filename because java.io.IOException: invalid header encountered >>> >>> I tried all the key derivation functions, but in all cases I got the same >>> error. >>> >>> Is there an easy way to talk NiFi into using my key again? >>> >>> I have attached a public key that works on 0.3.0 (I didn't have 0.4 on my >>> machine for some reason) but fails in 0.5.1. The user id is >>> [email protected] >>> >>> Is there any easy fix? Should I file a jira? >>> >>> Since it said invalid header, I tried taking out the comment at the top of >>> the key. That didn't work. >>> >>> Thanks, >>> Alan >>> <TestPublicKey.asc> >
