RE: [NIFI 1.23.2] Insecure Cipher Provider Algorithm

2023-12-14 Thread Isha Lamboo
Hi Quentin,

I've encountered similar errors in the past when trying to change the 
encryption algorithm.

Here are two things that may help:


  1.  The password/key needs to be at least 12 characters long before you
      migrate to NIFI_PBKDF2_AES_GCM_256. If it is not, you have to first change
      the password to something long enough with the old algorithm in place. If
      your key is blank, you may have to enter the old default value first:
      nififtw!
  2.  The command to migrate key algorithm does not support an encrypted
      configuration file. If you have the key encrypted you should replace it
      with the unencrypted version, clear the property
      ...sensitivekey.protected=... and then migrate. After that you can
      re-encrypt the configuration using the nifi toolkit again.

Regards,

Isha

From: Quentin HORNEMAN GUTTON
Sent: Wednesday, 13 December 2023 14:59
To: users@nifi.apache.org
Subject: [NIFI 1.23.2] Insecure Cipher Provider Algorithm

Hello,

I'm facing an issue after upgrading NiFi 1.13.2 to 1.23.2.

I have a warn log with Insecure Cipher Provider Algorithm 
[PBEWITHMD5AND256BITAES-CBC-OPENSSL]. I tried to update algorithm with the 
set-sensitive-properties-algorithm command to NIFI_PBKDF2_AES_GCM_256 but I 
have an error message with « Descryption failed with algorithm » caused by « 
pad block corrupted ».

Do you have any information that could help me?

Best regards,

Quentin HORNEMAN GUTTON
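
A pre-flight check for the two conditions in Isha's reply above, as an added example that is not part of the thread or NiFi's own code. The property names nifi.sensitive.props.key and nifi.sensitive.props.key.protected are assumed from a standard nifi.properties, and the sample file content is constructed.

```python
"""Pre-flight check of nifi.properties before a sensitive-properties algorithm change."""
MIN_KEY_LENGTH = 12  # minimum the thread gives for NIFI_PBKDF2_AES_GCM_256
# Property names below are assumptions, taken from a standard nifi.properties.
KEY = "nifi.sensitive.props.key"
KEY_PROTECTED = "nifi.sensitive.props.key.protected"


def parse_properties(text):
    """Parse Java-style name=value lines, skipping comments and blank lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        props[name.strip()] = value.strip()
    return props


def preflight(text):
    """Return blocking findings; an empty list means neither condition applies."""
    props = parse_properties(text)
    if props.get(KEY_PROTECTED):
        # The stored value is ciphertext, so its length says nothing about the key.
        return ["KEY_ENCRYPTED: put the plaintext key back and clear "
                + KEY_PROTECTED + " before migrating"]
    key = props.get(KEY, "")
    if not key:
        return ["KEY_BLANK: set a key of at least %d characters with the old "
                "algorithm still in place" % MIN_KEY_LENGTH]
    if len(key) < MIN_KEY_LENGTH:
        # Report the length only; never echo the key itself.
        return ["KEY_TOO_SHORT: %d characters, need at least %d"
                % (len(key), MIN_KEY_LENGTH)]
    return []


# Constructed sample input, not taken from a real installation.
SAMPLE = """\
# nifi.properties (excerpt)
nifi.sensitive.props.key=shortkey
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
"""

if __name__ == "__main__":
    for finding in preflight(SAMPLE) or ["OK: ready to migrate"]:
        print(finding)
```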


Re: [NIFI 1.23.2] Insecure Cipher Provider Algorithm

2023-12-13 Thread Christian Wahl
Hi,

I had the same issue changing the password and the cipher.

It worked for me using the NiFi Toolkit and applying the operation onto both 
the flow.json.gz and the flow.xml.gz.
The documentation for the encrypt-config command is here:
https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#encrypt_config_tool

At the end I ran it using docker with a command like this:
  docker run -v .:/conf apache/nifi-toolkit:1.21.0 encrypt-config -x \
    -f /conf/flow.json.gz -n /conf/nifi.properties \
    -o /conf/nifi.properties.new -s secret -A NIFI_ARGON2_AES_GCM_256

Kind regards,
Christian Wahl



> On 13. Dec 2023, at 15:18, Lars Winderling  wrote:
> 
> Hi Quentin,
> 
> I second these findings. I'm getting the same error on 1.23.2 using the same 
> ciphers.
>   deb: 11
>   java: 17.0.7 Temurin
> 
> Best,
> Lars
> 
> On 23-12-13 14:58, Quentin HORNEMAN GUTTON wrote:
>> Hello,
>> 
>> I’m facing an issue after upgrading NiFi 1.13.2 to 1.23.2.
>> 
>> I have a warn log with Insecure Cipher Provider Algorithm 
>> [PBEWITHMD5AND256BITAES-CBC-OPENSSL]. I tried to update algorithm with the 
>> set-sensitive-properties-algorithm command to NIFI_PBKDF2_AES_GCM_256 but I 
>> have an error message with « Descryption failed with algorithm » caused by « 
>> pad block corrupted ».
>> 
>> Do you have any information that could help me?
>> 
>> Best regards,
>> 
>> Quentin HORNEMAN GUTTON
> 



Re: [NIFI 1.23.2] Insecure Cipher Provider Algorithm

2023-12-13 Thread Lars Winderling

Hi Quentin,

I second these findings. I'm getting the same error on 1.23.2 using the 
same ciphers.

  deb: 11
  java: 17.0.7 Temurin

Best,
Lars

On 23-12-13 14:58, Quentin HORNEMAN GUTTON wrote:

Hello,

I’m facing an issue after upgrading NiFi 1.13.2 to 1.23.2.

I have a warn log with Insecure Cipher Provider Algorithm 
[PBEWITHMD5AND256BITAES-CBC-OPENSSL]. I tried to update algorithm with 
the set-sensitive-properties-algorithm command to 
NIFI_PBKDF2_AES_GCM_256 but I have an error message with « Descryption 
failed with algorithm » caused by « pad block corrupted ».


Do you have any information that could help me?

Best regards,

Quentin HORNEMAN GUTTON



