[jira] [Updated] (NIFI-7638) Add PBE AEAD sensitive flow property protection scheme

2020-07-24 Thread Andy LoPresto (Jira)


 [ 
https://issues.apache.org/jira/browse/NIFI-7638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy LoPresto updated NIFI-7638:

Fix Version/s: 1.12.0
   Resolution: Fixed
   Status: Resolved  (was: Patch Available)

> Add PBE AEAD sensitive flow property protection scheme
> --
>
> Key: NIFI-7638
> URL: https://issues.apache.org/jira/browse/NIFI-7638
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Configuration Management, Core Framework
> Affects Versions: 1.11.4
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: aead, encryption, kdf, pbe, security
> Fix For: 1.12.0
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> A user requested a change from AES-CBC to AES-GCM for the 
> {{nifi.sensitive.props.algorithm}} in {{nifi.properties}}. The current 
> possible values are all {{EncryptionMethod}} enum values, which include raw 
> (directly-keyed vs. PBE) AES-GCM, but this would require a valid 
> hexadecimal-encoded AES key in the {{nifi.sensitive.props.key}} value. One or 
> more new {{EncryptionMethod}} entries which combine reasonable default values 
> for a KDF (Argon2, bcrypt, scrypt, PBKDF2) and AEAD mode of operation 
> (AES-GCM) would allow for simpler configuration and migration. The other 
> option is to enhance the {{EncryptionMethod}} enum values with custom values 
> in the {{NiFiProperties}} or {{StringEncryptor}} class which provide an 
> additional level of security without modifying the {{EncryptionMethod}} enum 
> directly, as the {{EncryptContent}} processor already allows independent 
> configuration of a KDF and cipher algorithm (see NIFI-7122 / [PR 
> 4228|https://github.com/apache/nifi/pull/4228]). 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
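
The combination the issue describes (a password run through a KDF, then AES-GCM as the AEAD mode) looks like the following. This is an added example, not NiFi's implementation or code from the issue: the class name, the choice of PBKDF2 from the listed KDFs, the iteration count, and the `salt || iv || ciphertext+tag` layout are all assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class PbeAeadSketch {
    // Constructed parameters for illustration; not NiFi's defaults.
    static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, ITERATIONS = 160_000;
    static final SecureRandom RNG = new SecureRandom();

    // PBE step: stretch the configured password into a 256-bit AES key.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512").generateSecret(spec).getEncoded();
        return new SecretKeySpec(key, "AES");
    }

    // Assumed output layout: base64(salt || iv || ciphertext+tag); fresh salt and IV per value.
    static String protect(char[] password, String plaintext) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }

    static String unprotect(char[] password, String encoded) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < SALT_LEN + IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("truncated value");
        byte[] salt = Arrays.copyOfRange(in, 0, SALT_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, in, SALT_LEN, IV_LEN));
        // doFinal throws AEADBadTagException on a wrong password or any modified byte.
        return new String(c.doFinal(in, SALT_LEN + IV_LEN, in.length - SALT_LEN - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-passphrase".toCharArray(); // constructed sample input
        String stored = protect(pw, "constructed-db-password");
        System.out.println(unprotect(pw, stored));
        byte[] raw = Base64.getDecoder().decode(stored);
        raw[raw.length - 1] ^= 1; // flip one bit of the stored value
        try { unprotect(pw, Base64.getEncoder().encodeToString(raw)); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }
}
```

Unlike AES-CBC, the GCM tag check makes decryption fail outright when the stored value has been altered, which is the integrity property the requested change adds.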


[jira] [Updated] (NIFI-7638) Add PBE AEAD sensitive flow property protection scheme

2020-07-24 Thread Andy LoPresto (Jira)


 [ 
https://issues.apache.org/jira/browse/NIFI-7638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy LoPresto updated NIFI-7638:

Status: Patch Available  (was: In Progress)

> Add PBE AEAD sensitive flow property protection scheme
> --
>
> Key: NIFI-7638
> URL: https://issues.apache.org/jira/browse/NIFI-7638
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Configuration Management, Core Framework
> Affects Versions: 1.11.4
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: aead, encryption, kdf, pbe, security
> Time Spent: 1h 50m
> Remaining Estimate: 0h