[jira] [Commented] (NIFI-7322) Add SignContentPGP and VerifyContentPGP Processors

Wed, 24 Feb 2021 11:06:06 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-7322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290204#comment-17290204
 ] 

David Handermann commented on NIFI-7322:
----------------------------------------

NIFI-8251 implemented in [GitHub PR 
4842|https://github.com/apache/nifi/pull/4842] provides a different approach to 
implementing to new Encrypt and Decrypt Processors and Controller Services for 
PGP. The Public Key and Private Key Controller Services included could support 
the implementation of new Sign and Verify Processors for PGP as described.

> Add SignContentPGP and VerifyContentPGP Processors
> --------------------------------------------------
>
>                 Key: NIFI-7322
>                 URL: https://issues.apache.org/jira/browse/NIFI-7322
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions, Security
>    Affects Versions: 1.7.0
>            Reporter: David Margolis
>            Priority: Major
>              Labels: encryption, pgp, signing
>
> Users have requested the capability to 
> [sign|https://www.gnupg.org/gph/en/manual/r606.html] content directly with 
> pgp in addition to storing the signature in an attribute 
> (SignContentAttributePGP). There should be options to 
> [clearsign|https://www.gnupg.org/gph/en/manual/r684.html] and 
> [armor|https://www.gnupg.org/gph/en/manual/r1290.html] the content. There 
> should be an option to produce the 
> [detached|https://www.gnupg.org/gph/en/manual/r622.html] signature as it's 
> own flowfile.
> Pairing with this processor, users have requested the capability to 
> [verify|https://www.gnupg.org/gph/en/manual/r697.html] signed content with 
> pgp in addition to verifying the signature in an attribute 
> (VerifyContentAttributePGP). There should be options to verify clearsigned 
> and armored content also.
> Finally, the DecryptContentPGP processor should be able to 
> [decrypt|https://www.gnupg.org/gph/en/manual/r669.html] the signed content, 
> so that just the unsigned content remains.
> These processors should use the PGPKeyMaterialService.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to