[
https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17201872#comment-17201872
]
David Handermann commented on NIFI-7836:
----------------------------------------
Andy,
After looking at the EncryptContent Processor and considering your comments, I
can see at least two potential implementation approaches:
1. Create a new generic Processor with a Controller Service interface that
   could be implemented for various encryption algorithms, along the lines of the
   EncryptContent.Encryptor interface
2. Create a new package under standard-processors with distinct Processors for
   each algorithm and encryption or decryption operation
Although the EncryptContent.Encryptor interface abstracts a number of things,
the EncryptContent still has a large number of optional properties that apply
only to particular algorithms. It seems like a generic Controller Service
would be too generic to be meaningful. Even encrypt and decrypt operations can
have different types of properties, as in the case of public key encryption.
If you have any additional details on the direction you would like to go with
separate processors, that would be helpful to know. The initial implementation
I am proposing includes two distinct Processors, one for encryption, one for
decryption.
> Add Encrypt and Decrypt CMS Processors and Services
> ---------------------------------------------------
>
> Key: NIFI-7836
> URL: https://issues.apache.org/jira/browse/NIFI-7836
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Affects Versions: 1.12.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Labels: cms, encryption, security, smime, x509
>
> The purpose of this issue is to add new Processors and Controller Services
> supporting encryption and decryption using Cryptographic Message Syntax as
> defined in RFC 5652.
> CMS provides the underlying specification for S/MIME messages and also
> supports encryption and decryption using X.509 certificates. Standard Java
> Key Stores can be used to support encrypting messages for one or more
> recipients. Decrypting messages can also be supported based on matching
> certificate serial number and issuer attributes.
> The current EncryptContent Processor supports encryption using passwords and
> PGP keys, but does not support encryption using X.509 certificates. New
> Processors for encryption and decryption would support encryption using X.509
> certificates using CMS classes in the Bouncy Castle library. New Controller
> Services would provide access to certificate and private key information from
> standard Java Key Stores.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
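
The issue description above mentions encrypting for an X.509 recipient and selecting the decryption key by matching certificate serial number and issuer. The following added example (not NiFi code and not part of the original message) shows that round trip with the Bouncy Castle CMS classes. It assumes bcprov and bcpkix are on the classpath; the class name, the self-signed certificate, the serial number, and the payload are constructed for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// Hypothetical class name; illustrates the CMS operations, not a NiFi Processor.
public class CmsEnvelopeExample {
    public static void main(String[] args) throws Exception {
        // Constructed recipient: a self-signed certificate standing in for a Key Store entry.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=constructed-recipient");
        Date notBefore = new Date(System.currentTimeMillis() - 60_000L);
        Date notAfter = new Date(System.currentTimeMillis() + 86_400_000L);
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.valueOf(4242), notBefore, notAfter, dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));

        // Encrypt: one KeyTransRecipientInfo per recipient certificate; call
        // addRecipientInfoGenerator again for each additional recipient.
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
        gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert));
        byte[] der = gen.generate(
            new CMSProcessableByteArray("constructed payload".getBytes(StandardCharsets.UTF_8)),
            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).build()).getEncoded();

        // Decrypt: select the RecipientInfo whose issuer and serial number match our certificate.
        CMSEnvelopedData parsed = new CMSEnvelopedData(der);
        RecipientId rid = new JceKeyTransRecipientId(cert.getIssuerX500Principal(), cert.getSerialNumber());
        RecipientInformation match = parsed.getRecipientInfos().get(rid);
        if (match == null) {
            // No RecipientInfo addressed to this certificate: fail instead of trying other keys.
            throw new IllegalStateException("No recipient matches issuer and serial number");
        }
        byte[] plain = match.getContent(new JceKeyTransEnvelopedRecipient(kp.getPrivate()));
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```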