[jira] [Updated] (NIFI-3045) Usage of -k undermines encrypted configuration

Thu, 17 Nov 2016 08:44:39 -0800 

     [ 
https://issues.apache.org/jira/browse/NIFI-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Anders Breindahl updated NIFI-3045:
-----------------------------------
    Description: 
Hey,

When setting up a hardened NiFi installation I ran into this. I hope I'm 
mistaken.

When running the {{encrypt-config.sh}} script, one has a 
{{nifi.bootstrap.sensitive.key}} string configured in {{bootstrap.conf}}. The 
service startup script makes this be passed from {{RunNifi}} to{{NiFi}} by a 
{{-k}} parameter.

This however can be retrieved by any user of the interface -- which, combined 
with NiFi being able to read from (the 
encrypted-under-{{nifi.bootstrap.sensitive.key}}) {{nifi.properties}} file 
means that e.g. the {{nifi.security.keystorePasswd}} property can be decrypted 
offline.

Does this have anything to it?

  was:
Hey,

When setting up a hardened NiFi installation I ran into this. I hope I'm 
mistaken.

When running the `encrypt-config.sh` script, one has a 
`nifi.bootstrap.sensitive.key` string configured in `bootstrap.conf`. The 
service startup script makes this be passed from `RunNifi` to`NiFi` by a `-k` 
parameter.

This however can be retrieved by any user of the interface -- which, combined 
with NiFi being able to read from (the 
encrypted-under-`nifi.bootstrap.sensitive.key`) `nifi.properties` file means 
that e.g. the `nifi.security.keystorePasswd` property can be decrypted offline.

Does this have anything to it?


> Usage of -k undermines encrypted configuration
> ----------------------------------------------
>
>                 Key: NIFI-3045
>                 URL: https://issues.apache.org/jira/browse/NIFI-3045
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 1.0.0
>            Reporter: Anders Breindahl
>              Labels: bootstrap, configuration, encryption, security
>         Attachments: 2016-11-16_dash-ks-extraction.png, 
> extract-dash-ks-from-process-list.xml
>
>
> Hey,
> When setting up a hardened NiFi installation I ran into this. I hope I'm 
> mistaken.
> When running the {{encrypt-config.sh}} script, one has a 
> {{nifi.bootstrap.sensitive.key}} string configured in {{bootstrap.conf}}. The 
> service startup script makes this be passed from {{RunNifi}} to{{NiFi}} by a 
> {{-k}} parameter.
> This however can be retrieved by any user of the interface -- which, combined 
> with NiFi being able to read from (the 
> encrypted-under-{{nifi.bootstrap.sensitive.key}}) {{nifi.properties}} file 
> means that e.g. the {{nifi.security.keystorePasswd}} property can be 
> decrypted offline.
> Does this have anything to it?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to