[ https://issues.apache.org/jira/browse/NIFI-13494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17863416#comment-17863416 ]

ASF subversion and git services commented on NIFI-13494:
--------------------------------------------------------

Commit 7cb66848015aae2674a73343fc68a4f1f11c0a02 in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=7cb6684801 ]

NIFI-13494 Removed support for Repository Encryption
This closes #9039

Signed-off-by: Joseph Witt <[email protected]>


> Remove Repository Encryption
> ----------------------------
>
>                 Key: NIFI-13494
>                 URL: https://issues.apache.org/jira/browse/NIFI-13494
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 2.0.0-M5
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> NiFi introduced initial support for provenance repository encryption in 
> version 1.2.0 and expanded support to other repositories in versions 
> 1.10.0 and 1.11.0. NiFi 1.15.0 introduced refactored support for repository 
> encryption, but retained the same fundamental implementation strategy.
> The initial implementation supported AES with configurable key sizes, using 
> AES-CTR for the content repository and AES-GCM for the FlowFile and 
> Provenance repositories. Although the foundational algorithms provide good 
> security, the implementation itself has several fundamental issues, including 
> use of Java Object serialization for metadata storage, storing the encryption 
> key on the same file system, and the limitations around key reuse for AES.
> The current implementation for Java Object serialization mitigates some 
> potential issues, but fundamental conflicts related to class names and 
> structures are inherent with Java Object serialization.
> Storing the encryption key on the file system provides limited security and 
> raises questions about the overall threat model for repository encryption.
> AES has size limitations for the security related to the number of encryption 
> operations for the same key. Although manual key rotation is an option in the 
> current setup, it is not required, presenting other security concerns.
> Based on the current implementation issues, the repository encryption 
> components should be removed from the main branch. Consideration of a future 
> implementation should begin with key storage solutions, similar to the 
> concerns surrounding encryption of application properties.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
