[
https://issues.apache.org/jira/browse/NIFI-8094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17263453#comment-17263453
]
ASF subversion and git services commented on NIFI-8094:
-------------------------------------------------------
Commit 7d76bcd5202a8680c952d3a19072087a971d0b69 in nifi's branch
refs/heads/main from exceptionfactory
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=7d76bcd ]
NIFI-8094 Added support for BCFKS Keystore Type
NIFI-8094 Updated Administration Guide to include BCFKS
Signed-off-by: Nathan Gough <[email protected]>
This closes #4729.
> Support BCFKS Keystore Type
> ---------------------------
>
> Key: NIFI-8094
> URL: https://issues.apache.org/jira/browse/NIFI-8094
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Extensions, Security
> Affects Versions: 1.12.1
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Labels: FIPS, security
> Time Spent: 1h
> Remaining Estimate: 0h
>
> The [Bouncy Castle FIPS Key
> Store|https://cryptosense.com/blog/bouncycastle-keystore-security/] (BCFKS)
> format supports storage of certificates and private keys using AES-CCM and
> PBKDF2 algorithms, providing greater security than the standard JKS and
> PKCS12 implementations. Support for BCFKS can be implemented using Bouncy
> Castle security provider libraries that are already leveraged throughout the
> system.
> Initial support should include the ability to specify BCFKS as the key store
> and trust store type in standard properties files as well as the ability to
> select BCFKS in implementations of the SSLContextService.
> Extension components that do not use {{SSLContextService.createSSLContext()}}
> may need additional work, which should be addressed in related issues
> following this implementation.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
