[
https://issues.apache.org/jira/browse/NIFI-10021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17539101#comment-17539101
]
David Handermann commented on NIFI-10021:
-----------------------------------------
[~andyadamides] The error indicates the {{nifi.sensitive.props.key}} or
{{nifi.sensitive.props.algorithm}} do not match the values used when the flow
was previously encrypted. Does the {{key}} match the same value configured in
{{nifi.properties}} prior to the upgrade?
NiFi 1.14.0 changed the default algorithm, but it looks like the configured
algorithm is using the previous default value from earlier versions. That
algorithm should also work, as long as the {{key}} matches.
> Apache Nifi Web Server keeps failing to start with Decryption exception
> -----------------------------------------------------------------------
>
> Key: NIFI-10021
> URL: https://issues.apache.org/jira/browse/NIFI-10021
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.16.1
> Reporter: Andreas Adamides
> Priority: Blocker
>
> I have a setup in which NiFi Web Server suddenly started failing to start
> when upgrading from "1.15.3" to "1.16.1" version. The following exception
> keeps occurring on the Apache NiFi Cluster, this is from the app logs:
>
> {code:java}
> 2022-05-11 22:53:40,570 WARN [main] org.apache.nifi.web.server.JettyServer
> Failed to start web server... shutting down.
> org.apache.nifi.encrypt.EncryptionException: Decryption Failed with Algorithm
> [PBEWITHMD5AND256BITAES-CBC-OPENSSL]
> at
> org.apache.nifi.encrypt.CipherPropertyEncryptor.decrypt(CipherPropertyEncryptor.java:78)
> at
> org.apache.nifi.fingerprint.FingerprintFactory.decrypt(FingerprintFactory.java:931)
> at
> org.apache.nifi.fingerprint.FingerprintFactory.getLoggableRepresentationOfSensitiveValue(FingerprintFactory.java:561)
> at
> org.apache.nifi.fingerprint.FingerprintFactory.addParameter(FingerprintFactory.java:330)
> at
> org.apache.nifi.fingerprint.FingerprintFactory.addParameterContext(FingerprintFactory.java:302)
> at
> org.apache.nifi.fingerprint.FingerprintFactory.addFlowControllerFingerprint(FingerprintFactory.java:210)
> at
> org.apache.nifi.fingerprint.FingerprintFactory.createFingerprint(FingerprintFactory.java:153)
> at
> org.apache.nifi.fingerprint.FingerprintFactory.createFingerprint(FingerprintFactory.java:127)
> at
> org.apache.nifi.controller.inheritance.FlowFingerprintCheck.checkInheritability(FlowFingerprintCheck.java:45)
> at
> org.apache.nifi.controller.XmlFlowSynchronizer.sync(XmlFlowSynchronizer.java:200)
> at
> org.apache.nifi.controller.serialization.StandardFlowSynchronizer.sync(StandardFlowSynchronizer.java:43)
> at
> org.apache.nifi.controller.FlowController.synchronize(FlowController.java:1524)
> at
> org.apache.nifi.persistence.StandardFlowConfigurationDAO.load(StandardFlowConfigurationDAO.java:104)
> at
> org.apache.nifi.controller.StandardFlowService.loadFromBytes(StandardFlowService.java:815)
> at
> org.apache.nifi.controller.StandardFlowService.load(StandardFlowService.java:457)
> at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1086)
> at org.apache.nifi.NiFi.<init>(NiFi.java:170)
> at org.apache.nifi.NiFi.<init>(NiFi.java:82)
> at org.apache.nifi.NiFi.main(NiFi.java:330)
> Caused by: javax.crypto.BadPaddingException: pad block corrupted
> at
> org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$BufferedGenericBlockCipher.doFinal(Unknown
> Source)
> at
> org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown
> Source)
> at javax.crypto.Cipher.doFinal(Cipher.java:2168)
> at
> org.apache.nifi.encrypt.CipherPropertyEncryptor.decrypt(CipherPropertyEncryptor.java:74)
> ... 18 common frames omitted{code}
> relevant nifi.properties:
> {code:java}
> nifi.sensitive.props.key=<hidden>
> nifi.sensitive.props.key.protected=
> nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
> nifi.sensitive.props.additional.keys={code}
> I have already tried to tear it all down and re-install `1.15.3` with not any
> other changes, but the same issue still persists. Can someone please share
> any ideas if there are any on how to fix this?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
