subject:"\[jira\] \[Commented\] \(NIFI\-7836\) Add Encrypt and Decrypt CMS Processors and Services"

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

2021-11-23 Thread Gabriel Barbu (Jira)



[ 
https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17447991#comment-17447991
 ] 

Gabriel Barbu commented on NIFI-7836:
-

David,

I am looking forward for the support for CMS encryption/decryption support in 
NiFi. I need this functionality on a project I am working on and the repository 
that you added in the above comment helped a lot. I am hoping this will be part 
of NiFi in the future.

 

Thanks.

> Add Encrypt and Decrypt CMS Processors and Services
> ---
>
> Key: NIFI-7836
> URL: https://issues.apache.org/jira/browse/NIFI-7836
> Project: Apache NiFi
>  Issue Type: New Feature
>  Components: Extensions
>Affects Versions: 1.12.0
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
>  Labels: cms, encryption, security, smime, x509
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The purpose of this issue is to add new Processors and Controller Services 
> supporting encryption and decryption using Cryptographic Message Syntax as 
> defined in RFC 5652.
> CMS provides the underlying specification for S/MIME messages and also 
> supports encryption and decryption using X.509 certificates.  Standard Java 
> Key Stores can be used to support encrypting messages for one or more 
> recipients. Decrypting messages can also be supported based on matching 
> certificate serial number and issuer attributes.
> The current EncryptContent Processor supports encryption using passwords and 
> PGP keys, but does not support encryption using X.509 certificates. New 
> Processors for encryption and decryption would support encryption using X.509 
> certificates using CMS classes in the Bouncy Castle library.  New Controller 
> Services would provide access to certificate and private key information from 
> standard Java Key Stores.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

2020-09-24 Thread David Handermann (Jira)



[ 
https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17201872#comment-17201872
 ] 

David Handermann commented on NIFI-7836:


Andy,

After looking at the EncryptContent Processor and considering your comments, I 
can see at least two potential implementation approaches:
 # Create a new generic Processor with a Controller Service interface that 
could be implemented for various encryption algorithms, along the lines of the 
EncryptContent.Encryptor interface
 # Create a new package under standard-processors with distinct Processors for 
each algorithm and encryption or decryption operation

Although the EncryptContent.Encryptor interface abstracts a number of things, 
the EncryptContent still has a large number of optional properties that apply 
only to particular algorithms.  It seems like a generic Controller Service 
would be too generic to be meaningful.  Even encrypt and decrypt operations can 
have different types of properties, as in the case of public key encryption.

If you have any additional details on the direction you would like to go with 
separate processors, that would be helpful to know.  The initial implementation 
I am proposing includes two distinct Processors, one for encryption, one for 
decryption.

> Add Encrypt and Decrypt CMS Processors and Services
> ---
>
> Key: NIFI-7836
> URL: https://issues.apache.org/jira/browse/NIFI-7836
> Project: Apache NiFi
>  Issue Type: New Feature
>  Components: Extensions
>Affects Versions: 1.12.0
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
>  Labels: cms, encryption, security, smime, x509
>
> The purpose of this issue is to add new Processors and Controller Services 
> supporting encryption and decryption using Cryptographic Message Syntax as 
> defined in RFC 5652.
> CMS provides the underlying specification for S/MIME messages and also 
> supports encryption and decryption using X.509 certificates.  Standard Java 
> Key Stores can be used to support encrypting messages for one or more 
> recipients. Decrypting messages can also be supported based on matching 
> certificate serial number and issuer attributes.
> The current EncryptContent Processor supports encryption using passwords and 
> PGP keys, but does not support encryption using X.509 certificates. New 
> Processors for encryption and decryption would support encryption using X.509 
> certificates using CMS classes in the Bouncy Castle library.  New Controller 
> Services would provide access to certificate and private key information from 
> standard Java Key Stores.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

2020-09-22 Thread David Handermann (Jira)



[ 
https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17200491#comment-17200491
 ] 

David Handermann commented on NIFI-7836:


Andy,

Thanks for the quick response, this is a proposal to implement the Processors 
and Controller Services.  I recently pushed an initial working implementations 
to my personal GitHub repository:

[https://github.com/exceptionfactory/nifi-cms-bundle]

I was planning to take these components and submit them in a new pull request.  
Should I proceed with that approach, or would you recommend taking a step back 
and evaluating how to refactor the EncryptContent Processor?  The CMS format is 
a different approach than the password or PGP-based implementations.

> Add Encrypt and Decrypt CMS Processors and Services
> ---
>
> Key: NIFI-7836
> URL: https://issues.apache.org/jira/browse/NIFI-7836
> Project: Apache NiFi
>  Issue Type: New Feature
>  Components: Extensions
>Affects Versions: 1.12.0
>Reporter: David Handermann
>Priority: Major
>  Labels: cms, encryption, security, smime, x509
>
> The purpose of this issue is to add new Processors and Controller Services 
> supporting encryption and decryption using Cryptographic Message Syntax as 
> defined in RFC 5652.
> CMS provides the underlying specification for S/MIME messages and also 
> supports encryption and decryption using X.509 certificates.  Standard Java 
> Key Stores can be used to support encrypting messages for one or more 
> recipients. Decrypting messages can also be supported based on matching 
> certificate serial number and issuer attributes.
> The current EncryptContent Processor supports encryption using passwords and 
> PGP keys, but does not support encryption using X.509 certificates. New 
> Processors for encryption and decryption would support encryption using X.509 
> certificates using CMS classes in the Bouncy Castle library.  New Controller 
> Services would provide access to certificate and private key information from 
> standard Java Key Stores.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

2020-09-22 Thread Andy LoPresto (Jira)



[ 
https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17200462#comment-17200462
 ] 

Andy LoPresto commented on NIFI-7836:
-

Hi David, are you proposing to implement this or just requesting it? There are 
outstanding tickets for refactoring the generic {{EncryptContent}} processor to 
split out symmetric key management to controller services, PGP 
encryption/decryption/signing/verification to separate processors sharing key 
management controller services, etc. I think it makes sense to come up with a 
standard organizational and naming approach and then implement each of the 
algorithm families in that way. 

> Add Encrypt and Decrypt CMS Processors and Services
> ---
>
> Key: NIFI-7836
> URL: https://issues.apache.org/jira/browse/NIFI-7836
> Project: Apache NiFi
>  Issue Type: New Feature
>  Components: Extensions
>Reporter: David Handermann
>Priority: Major
>
> The purpose of this issue is to add new Processors and Controller Services 
> supporting encryption and decryption using Cryptographic Message Syntax as 
> defined in RFC 5652.
> CMS provides the underlying specification for S/MIME messages and also 
> supports encryption and decryption using X.509 certificates.  Standard Java 
> Key Stores can be used to support encrypting messages for one or more 
> recipients. Decrypting messages can also be supported based on matching 
> certificate serial number and issuer attributes.
> The current EncryptContent Processor supports encryption using passwords and 
> PGP keys, but does not support encryption using X.509 certificates. New 
> Processors for encryption and decryption would support encryption using X.509 
> certificates using CMS classes in the Bouncy Castle library.  New Controller 
> Services would provide access to certificate and private key information from 
> standard Java Key Stores.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services

4 matches

Site Navigation

Mail list logo

Footer information