Hi Sanjeet,

If the root encryption key used in bootstrap.conf is identical, the encrypted representation of the password should be reusable. Ensure you copied the entire string (it consists of an IV encoded in Base64, || as a delimiter, and then the actual cipher text (the encrypted password) also encoded in Base64).

You can also use the Encrypt-Config Toolkit [1] to perform a migration operation if you prefer.

The first error you are encountering is likely because the complete encrypted password was not copied successfully. The cipher text cannot be less than 17 characters long due to the cipher algorithm and minimum input length. The second error is likely because of an incorrect encryption key being used. The use of the correct key will result in proper padding detection and successful decryption.

[1] https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#encrypt_config_tool

Andy LoPresto
[email protected]
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69

> On Aug 27, 2020, at 6:52 AM, sanjeet rath <[email protected]> wrote:
>
> Hi All,
>
> I am facing one issue during my migration from 1.8 to 1.11.4
>
> My 1.8 env has jks key password is "xyz"
> The newly created 1.11.4 has jks password "abc".
>
> The encryption key used in the bootstrap file is same for both the env.
>
> I have modified the password of the 1.11.4 env's jks file using keytool to
> "xyz".
> However when I am changing its values ("xyz") in nifi.properties &
> authoriser.xml in 1.11.4 env, I am getting below error.
>
> Error in creating authoriser bean,
> IllegalArgumentException can't decrypt a ciphertext less than 17 characters.
>
> When I am copying the encrypted values for jks password from 1.8 env's
> nifi.properties and replacing directly in nifi.properties & authoriser.xml of
> 1.11.4 env, as the encryption key is same in both, then getting.
>
> java.security.UnrecoverableKeyException: Get Key failed: Given final block
> not properly padded. Such issues can arise if a bad key is used during
> decryption.
>
> Could you please help me how can I use my old jks password here.
> Thanks in advance.
> Sanjeet
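A structural check for the value format described in the reply above (Base64 IV, `||` delimiter, Base64 cipher text, at least 17 characters), useful for catching a truncated copy before restarting NiFi. This is an added example, not part of the original thread or NiFi's own code; the function names and the sample value are constructed for illustration.

```python
import base64
import binascii

DELIMITER = "||"   # from the reply: IV, then "||", then the cipher text
MIN_LENGTH = 17    # from the reply: values shorter than this are rejected


def _b64_problem(label, part):
    """Return a message if `part` is empty or not strict Base64, else None."""
    if not part:
        return f"{label} is empty"
    try:
        base64.b64decode(part, validate=True)
    except (binascii.Error, ValueError):
        return f"{label} is not valid Base64 (truncated or altered?)"
    return None


def check_protected_value(value):
    """List structural problems in an encrypted property value ([] = well-formed)."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
        value = value.strip()
    if len(value) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    iv, sep, cipher_text = value.partition(DELIMITER)
    if not sep:
        problems.append("missing '||' delimiter")
        return problems
    for label, part in (("IV", iv), ("cipher text", cipher_text)):
        problem = _b64_problem(label, part)
        if problem:
            problems.append(problem)
    return problems


def check_copy(source_value, copied_value):
    """Check a value pasted into the new environment against the old one."""
    problems = check_protected_value(copied_value)
    if copied_value.strip() != source_value.strip():
        problems.append("differs from the source environment's value")
    return problems


# Constructed sample value (not real key material): 12-byte IV, 19-byte cipher text.
SAMPLE = (base64.b64encode(bytes(range(12))).decode() + DELIMITER
          + base64.b64encode(bytes(range(100, 119))).decode())

if __name__ == "__main__":
    for candidate in (SAMPLE, SAMPLE[:-3], "xyz"):
        print(repr(candidate), "->", check_copy(SAMPLE, candidate) or "ok")
```

A value that passes these checks can still fail to decrypt with a padding error if the root key in bootstrap.conf differs between the environments; this only rules out a damaged copy.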
