[jira] [Updated] (NIFI-7638) Add PBE AEAD sensitive flow property protection scheme
[ https://issues.apache.org/jira/browse/NIFI-7638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andy LoPresto updated NIFI-7638: Fix Version/s: 1.12.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Add PBE AEAD sensitive flow property protection scheme > -- > > Key: NIFI-7638 > URL: https://issues.apache.org/jira/browse/NIFI-7638 > Project: Apache NiFi > Issue Type: Improvement > Components: Configuration Management, Core Framework >Affects Versions: 1.11.4 >Reporter: Andy LoPresto >Assignee: Andy LoPresto >Priority: Major > Labels: aead, encryption, kdf, pbe, security > Fix For: 1.12.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > A user requested a change from AES-CBC to AES-G/CM for the > {{nifi.sensitive.props.algorithm}} in {{nifi.properties}}. The current > possible values are all {{EncryptionMethod}} enum values, which includes raw > (directly-keyed vs. PBE) AES-G/CM, but this would require a valid > hexadecimal-encoded AES key in the {{nifi.sensitive.props.key}} value. One or > more new {{EncryptionMethod}} entries which combine reasonable default values > for a KDF (Argon2, bcrypt, scrypt, PBKDF2) and AEAD mode of operation > (AES-G/CM) would allow for simpler configuration and migration. The other > option is to enhance the {{EncryptionMethod}} enum values with custom values > in the {{NiFiProperties}} or {{StringEncryptor}} class which provide an > additional level of security without modifying the {{EncryptionMethod}} enum > directly, as the {{EncryptContent}} processor already allows independent > configuration of a KDF and cipher algorithm (see NIFI-7122 / [PR > 4228|https://github.com/apache/nifi/pull/4228]). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-7638) Add PBE AEAD sensitive flow property protection scheme
[ https://issues.apache.org/jira/browse/NIFI-7638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andy LoPresto updated NIFI-7638: Status: Patch Available (was: In Progress) > Add PBE AEAD sensitive flow property protection scheme > -- > > Key: NIFI-7638 > URL: https://issues.apache.org/jira/browse/NIFI-7638 > Project: Apache NiFi > Issue Type: Improvement > Components: Configuration Management, Core Framework >Affects Versions: 1.11.4 >Reporter: Andy LoPresto >Assignee: Andy LoPresto >Priority: Major > Labels: aead, encryption, kdf, pbe, security > Time Spent: 1h 50m > Remaining Estimate: 0h > > A user requested a change from AES-CBC to AES-G/CM for the > {{nifi.sensitive.props.algorithm}} in {{nifi.properties}}. The current > possible values are all {{EncryptionMethod}} enum values, which includes raw > (directly-keyed vs. PBE) AES-G/CM, but this would require a valid > hexadecimal-encoded AES key in the {{nifi.sensitive.props.key}} value. One or > more new {{EncryptionMethod}} entries which combine reasonable default values > for a KDF (Argon2, bcrypt, scrypt, PBKDF2) and AEAD mode of operation > (AES-G/CM) would allow for simpler configuration and migration. The other > option is to enhance the {{EncryptionMethod}} enum values with custom values > in the {{NiFiProperties}} or {{StringEncryptor}} class which provide an > additional level of security without modifying the {{EncryptionMethod}} enum > directly, as the {{EncryptContent}} processor already allows independent > configuration of a KDF and cipher algorithm (see NIFI-7122 / [PR > 4228|https://github.com/apache/nifi/pull/4228]). -- This message was sent by Atlassian Jira (v8.3.4#803005)