exceptionfactory opened a new pull request #4842:
URL: https://github.com/apache/nifi/pull/4842
#### Description of PR
NIFI-8251 Adds the following Processors and Controller Services in a new
`nifi-pgp-bundle` and related modules:
- EncryptContentPGP
- DecryptContentPGP
- StandardPGPPrivateKeyService
- StandardPGPPublicKeyService
The new components address a number of latent issues related to PGP handling
in the `EncryptContent` Processor:
- NIFI-7396 EncryptContentPGP writes encryption metadata attributes
- NIFI-6708 Controller Services support ElGamal Public and Private Keys
- NIFI-5346 Controller Services support Keyring Files and ASCII Key
properties
- NIFI-5335 Controller Services support multiple public or private keys from
keyrings
- NIFI-2983 DecryptContentPGP finds and decrypts Encrypted Data Packets
regardless of signing
- NIFI-1694 Controller Services support individual key files or keyrings
The EncryptContentPGP Processor supports several configuration properties
that were previously hard-coded in `EncryptContent`:
- File Encoding either Binary or ASCII Armor
- Compression Algorithm
The EncryptContentPGP supports AES or Camellia Symmetric-Key Algorithms with
key sizes of 128, 192, or 256. Support for other algorithms is not included in
this initial version in order to discourage the use of less secure algorithms.
When configured with a PGPPublicKeyService, the EncryptContentPGP Processor
requires the presence of a Public Key ID formatted using the long format as a
16 character hexadecimal string. This approach provides direct control over
which key to use for encryption and also supports both RSA and ElGamal Public
Keys.
The DecryptContentPGP Processor is capable of reading messages encrypted
using any of the Symmetric-Key Algorithms supported in the BouncyCastle
library. The DecryptContentPGP Processor supports reading either binary or
ASCII Armor encoded messages through content detection and also handles
standard compression algorithms. In addition, the DecryptContentPGP Processor
is capable of handling signed messages and decrypting the contents. Additional
efforts to support signature verification can be implemented as separate
processors under NIFI-7322. The DecryptContentPGP Processor can be configured
to read messages encrypted with either Password-Based Encryption or Public Key
Encryption when configured with the necessary properties. The Processor
leverages the PGPPrivateKeyService to find associated Private Keys when
processing messages encrypted using Public Key Encryption.
The PGP Controller Services abstract access to Public and Private Key files.
Both services support binary or ASCII Armor keyrings, as well as the option to
provide an ASCII Armored keyring as a property. Public Keys are not considered
sensitive, whereas Private Keys are considered sensitive and encrypted using
standard NiFi Sensitive Properties encryption.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [X] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [X] Does your PR title start with **NIFI-XXXX** where XXXX is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [X] Has your PR been rebased against the latest commit within the target
branch (typically `main`)?
- [X] Is your initial contribution a single, squashed commit? _Additional
commits in response to PR reviewer feedback should be made on this branch and
pushed to allow change tracking. Do not `squash` or use `--force` when pushing
to allow for clean monitoring of changes._
### For code changes:
- [X] Have you ensured that the full suite of tests is executed via `mvn
-Pcontrib-check clean install` at the root `nifi` folder?
- [X] Have you written or updated unit tests to verify your changes?
- [X] Have you verified that the full build is successful on JDK 8?
- [X] Have you verified that the full build is successful on JDK 11?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE` file, including the main
`LICENSE` file under `nifi-assembly`?
- [ ] If applicable, have you updated the `NOTICE` file, including the main
`NOTICE` file found under `nifi-assembly`?
- [X] If adding new Properties, have you added `.displayName` in addition to
.name (programmatic access) for each of the new properties?
### For documentation related changes:
- [X] Have you ensured that format looks appropriate for the output in which
it is rendered?
### Note:
Please ensure that once the PR is submitted, you check GitHub Actions CI for
build issues and submit an update to your PR as soon as possible.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
