[ https://issues.apache.org/jira/browse/NIFI-13494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17862895#comment-17862895 ]

Joe Witt commented on NIFI-13494:
---------------------------------

Yep great catch David.  Another important area to reduce complexity and 
security risk.  Disk-based encryption techniques are an excellent alternative 
and more common and offer better integration for key management.

> Remove Repository Encryption
> ----------------------------
>
>                 Key: NIFI-13494
>                 URL: https://issues.apache.org/jira/browse/NIFI-13494
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>
> NiFi introduced initial support for provenance repository encryption in 
> version 1.2.0 and expanded support to other repositories in versions 
> 1.10.0 and 1.11.0. NiFi 1.15.0 introduced refactored support for repository 
> encryption, but retained the same fundamental implementation strategy.
> The initial implementation supported AES with configurable key sizes, using 
> AES-CTR for the content repository and AES-GCM for the FlowFile and 
> Provenance repositories. Although the foundational algorithms provide good 
> security, the implementation itself has several fundamental issues, including 
> use of Java Object serialization for metadata storage, storing the encryption 
> key on the same file system, and the limitations around key reuse for AES.
> The current implementation for Java Object serialization mitigates some 
> potential issues, but fundamental conflicts related to class names and 
> structures are inherent with Java Object serialization.
> Storing the encryption key on the file system provides limited security and 
> raises questions about the overall threat model for repository encryption.
> AES has size limitations for the security related to the number of encryption 
> operations for the same key. Although manual key rotation is an option in the 
> current setup, it is not required, presenting other security concerns.
> Based on the current implementation issues, the repository encryption 
> components should be removed from the main branch. Consideration of a future 
> implementation should begin with key storage solutions, similar to the 
> concerns surrounding encryption of application properties.
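
As an added illustration (not NiFi code and not part of the issue), the per-key usage limit the issue refers to for AES-GCM with random 96-bit nonces: the birthday estimate of a nonce repeat after n encryptions under one key, and a small budget object that forces rotation before the NIST SP 800-38D bound of 2^32 operations. The constants and the estimate are standard; `KeyUsageBudget` and `demo` are constructed names for this sketch, and the in-memory key generation stands in for whatever key manager a real deployment would use.

```python
"""Constructed example: quantify and enforce the AES-GCM per-key limit. Not NiFi code."""
import math
import secrets

NONCE_BITS = 96                      # AES-GCM nonce size when random IVs are used
MAX_OPERATIONS_PER_KEY = 2 ** 32     # NIST SP 800-38D limit for random 96-bit IVs


def nonce_collision_probability(n: int, nonce_bits: int = NONCE_BITS) -> float:
    """Birthday-bound estimate of P(some nonce repeats) after n random nonces.

    A repeated nonce under one AES-GCM key exposes the XOR of two plaintexts and
    the authentication subkey, so this probability is what the limit keeps small.
    Uses expm1 so the tiny result keeps full relative precision.
    """
    space = 2.0 ** nonce_bits
    return -math.expm1(-n * (n - 1) / (2.0 * space))   # 1 - exp(-n(n-1)/2N)


class KeyUsageBudget:
    """Counts encryptions under one key and rotates before the budget is exceeded.

    Rotation here just draws a fresh random key in memory (constructed); a real
    system would fetch it from a key manager, not the repository's own file system.
    """

    def __init__(self, limit: int = MAX_OPERATIONS_PER_KEY):
        self.limit = limit
        self.rotations = 0
        self._rotate()

    def _rotate(self) -> None:
        self.key = secrets.token_bytes(32)   # AES-256 key material, constructed
        self.used = 0
        self.rotations += 1

    def next_nonce(self) -> bytes:
        """Hand out a random 96-bit nonce, rotating the key once the budget is spent."""
        if self.used >= self.limit:
            self._rotate()
        self.used += 1
        return secrets.token_bytes(NONCE_BITS // 8)


def demo(limit: int = 3, operations: int = 7) -> int:
    """Drive a tiny budget so the rotation logic is visible; returns keys used."""
    budget = KeyUsageBudget(limit)
    for _ in range(operations):
        budget.next_nonce()
    return budget.rotations
```

At the NIST bound of 2^32 operations the estimate is about 2^-33, which is why the limit is stated as an upper bound rather than a safe steady state.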



--
This message was sent by Atlassian Jira
(v8.20.10#820010)