[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services
[ https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17447991#comment-17447991 ]

Gabriel Barbu commented on NIFI-7836:
-------------------------------------

David,

I am looking forward to support for CMS encryption/decryption in NiFi. I need this functionality on a project I am working on and the repository that you added in the above comment helped a lot. I am hoping this will be part of NiFi in the future.

Thanks.

> Add Encrypt and Decrypt CMS Processors and Services
> ---------------------------------------------------
>
> Key: NIFI-7836
> URL: https://issues.apache.org/jira/browse/NIFI-7836
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Affects Versions: 1.12.0
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Labels: cms, encryption, security, smime, x509
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The purpose of this issue is to add new Processors and Controller Services
> supporting encryption and decryption using Cryptographic Message Syntax as
> defined in RFC 5652.
>
> CMS provides the underlying specification for S/MIME messages and also
> supports encryption and decryption using X.509 certificates. Standard Java
> Key Stores can be used to support encrypting messages for one or more
> recipients. Decrypting messages can also be supported based on matching
> certificate serial number and issuer attributes.
>
> The current EncryptContent Processor supports encryption using passwords and
> PGP keys, but does not support encryption using X.509 certificates. New
> Processors for encryption and decryption would support encryption using X.509
> certificates using CMS classes in the Bouncy Castle library. New Controller
> Services would provide access to certificate and private key information from
> standard Java Key Stores.

--
This message was sent by Atlassian Jira (v8.20.1#820001)
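
The issue description above names the mechanism: recipient certificates from a Java key store on the encrypting side, and recipient selection by certificate issuer and serial number on the decrypting side. The following Java sketch is an added example, not code from NiFi or from the nifi-cms-bundle repository. It assumes Java 11 or later with Bouncy Castle `bcprov` and `bcpkix` on the classpath and the default JCA providers; the class and method names, the AES-256-CBC content cipher and the self-signed test certificates are all constructed for illustration.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
public class CmsKeyStoreExample { // hypothetical name, not a class from the NiFi bundle
    // One content key, wrapped once per certificate entry in the recipients store.
    static byte[] encrypt(KeyStore recipients, byte[] plain) throws Exception {
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
        for (String a : Collections.list(recipients.aliases()))
            gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                (X509Certificate) recipients.getCertificate(a)));
        return gen.generate(new CMSProcessableByteArray(plain),
            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).build()).getEncoded();
    }
    // Pick the RecipientInfo whose issuer and serial number match a private key entry.
    static byte[] decrypt(KeyStore ks, char[] pw, byte[] enveloped) throws Exception {
        RecipientInformationStore infos = new CMSEnvelopedData(enveloped).getRecipientInfos();
        for (String a : Collections.list(ks.aliases())) {
            var info = infos.get(new JceKeyTransRecipientId((X509Certificate) ks.getCertificate(a)));
            if (info != null && ks.isKeyEntry(a))
                return info.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) ks.getKey(a, pw)));
        }
        throw new GeneralSecurityException("no private key entry matches a recipient");
    }
    // Constructed input: in-memory store with one self-signed RSA key entry (JDK default size).
    static KeyStore sampleStore(String alias, char[] pw, KeyStore recipients) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        var dn = new org.bouncycastle.asn1.x500.X500Name("CN=" + alias);
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, java.math.BigInteger.ONE, new Date(),
                new Date(System.currentTimeMillis() + 86_400_000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry(alias, kp.getPrivate(), pw, new X509Certificate[] {cert});
        recipients.setCertificateEntry(alias, cert); // sender side holds certificates only
        return ks;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed".toCharArray();
        KeyStore recipients = KeyStore.getInstance("PKCS12");
        recipients.load(null, null);
        KeyStore alice = sampleStore("alice", pw, recipients), bob = sampleStore("bob", pw, recipients);
        byte[] enveloped = encrypt(recipients, "flowfile content".getBytes());
        System.out.println(new String(decrypt(bob, pw, enveloped)));
    }
}
```

Both test certificates carry serial number 1, so the lookup succeeds only because the issuer name is part of the match; a key store holding neither private key makes `decrypt` fail before any key unwrap is attempted.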
[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services
[ https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17201872#comment-17201872 ]

David Handermann commented on NIFI-7836:
----------------------------------------

Andy,

After looking at the EncryptContent Processor and considering your comments, I can see at least two potential implementation approaches:

1. Create a new generic Processor with a Controller Service interface that could be implemented for various encryption algorithms, along the lines of the EncryptContent.Encryptor interface
2. Create a new package under standard-processors with distinct Processors for each algorithm and encryption or decryption operation

Although the EncryptContent.Encryptor interface abstracts a number of things, the EncryptContent still has a large number of optional properties that apply only to particular algorithms. It seems like a generic Controller Service would be too generic to be meaningful. Even encrypt and decrypt operations can have different types of properties, as in the case of public key encryption.

If you have any additional details on the direction you would like to go with separate processors, that would be helpful to know. The initial implementation I am proposing includes two distinct Processors, one for encryption, one for decryption.
[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services
[ https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17200491#comment-17200491 ]

David Handermann commented on NIFI-7836:
----------------------------------------

Andy,

Thanks for the quick response, this is a proposal to implement the Processors and Controller Services. I recently pushed an initial working implementation to my personal GitHub repository:

[https://github.com/exceptionfactory/nifi-cms-bundle]

I was planning to take these components and submit them in a new pull request. Should I proceed with that approach, or would you recommend taking a step back and evaluating how to refactor the EncryptContent Processor? The CMS format is a different approach than the password or PGP-based implementations.
[jira] [Commented] (NIFI-7836) Add Encrypt and Decrypt CMS Processors and Services
[ https://issues.apache.org/jira/browse/NIFI-7836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17200462#comment-17200462 ]

Andy LoPresto commented on NIFI-7836:
-------------------------------------

Hi David, are you proposing to implement this or just requesting it? There are outstanding tickets for refactoring the generic {{EncryptContent}} processor to split out symmetric key management to controller services, PGP encryption/decryption/signing/verification to separate processors sharing key management controller services, etc. I think it makes sense to come up with a standard organizational and naming approach and then implement each of the algorithm families in that way.