[jira] [Commented] (NIFI-2961) Create EncryptAttribute processor

Tue, 14 Feb 2017 12:50:25 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-2961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866639#comment-15866639
 ] 

ASF GitHub Bot commented on NIFI-2961:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/1294
  
    @HandOfGod94 
    
    # `EncryptContent` should encrypt flowfile content. It should not operate 
on attributes. At most, it could *add* an attribute documenting what encryption 
algorithm, KDF, etc. were used to encrypt the content. 
    # You do not need a new ticket, you can create a new PR against NIFI-2961. 
If you undertake a task solely to modify `EncryptContent` for some reason, that 
would be a new Jira. 
    # The shared logic should absolutely be refactored out of `EncryptContent`. 
Again, do not try to add the responsibility for encrypting attributes to 
`EncryptContent`. 


> Create EncryptAttribute processor
> ---------------------------------
>
>                 Key: NIFI-2961
>                 URL: https://issues.apache.org/jira/browse/NIFI-2961
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>              Labels: attributes, encryption, security
>
> Similar to {{EncryptContent}}, the {{EncryptAttribute}} processor would allow 
> individual (and multiple) flowfile attributes to be encrypted (either 
> in-place or to a new attribute key) with various encryption algorithms (AES, 
> RSA, PBE, and PGP). 
> Specific compatibility with the {{OpenSSL EVP_BytesToKey}}, {{PBKDF2}}, 
> {{scrypt}}, and {{bcrypt}} key derivation functions should be included. 
> The processor should provide the boolean option to encrypt or decrypt (only 
> one operation per instance of the processor). The processor should also allow 
> Base64 encoding (aka ASCII armor) for the encrypted attributes to prevent 
> byte escaping/data loss. 
> If [dangerous processor 
> annotations|https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap]
>  are introduced, this processor should be marked as such and the 
> corresponding attribute protection (i.e. provenance before/after, etc.) 
> should be applied. 
> Originally requested in this [Stack Overflow 
> question|https://stackoverflow.com/questions/40294945/nifi-encrypt-json].  



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to