alopresto commented on issue #3968: NIFI-3833 Implemented encrypted flowfile repository URL: https://github.com/apache/nifi/pull/3968#issuecomment-572307305 To verify that the flowfile repository files are encrypted, you can use any hex view tool (Hex Fiend, `xxd`, etc.) to examine `$NIFI_HOME/flowfile_repository/checkpoint` and `$NIFI_HOME/flowfile_repository/journals/*.journal`. The beginning will be the serialization of the schema header, which is not sensitive and therefore not encrypted. After ~7300 bytes, you will find the beginning of the flowfile record serialization. In plaintext form, you would be able to read the attributes in plaintext. In encrypted form, you will see the Java serialization of the `RepositoryObjectEncryptionMetadata` class, containing `cipherByteLength`, `algorithm`, `ivBytes`, `version`, and `keyId`. Following those field names, you should see recognizable sequences like `K1` and `AES/GCM/NoPadding`. See example below. <img width="1381" alt="Example encrypted journal file" src="https://user-images.githubusercontent.com/798465/72024771-065d9400-322b-11ea-8412-099c83b6f7f2.png";>
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
![https://user-images.githubusercontent.com/798465/72024771-065d9400-322b-11ea-8412-099c83b6f7f2.png"](https://user-images.githubusercontent.com/798465/72024771-065d9400-322b-11ea-8412-099c83b6f7f2.png"){kind=link}