Hi Madhan,

Thanks for summarizing your use case. EncryptContent supports a variety of configuration options, but it is currently limited to either password-based encryption or PGP-based encryption as you described.

As a proof-of-concept, I recently created several custom NiFi Processors and Controller Services to support content encryption and decryption using X.509 certificates and keys. The content format is Cryptographic Message Syntax (CMS), which is the format underlying S/MIME email encryption. The purpose of these components is to support content encryption using standard public-key infrastructure certificates and keys. The implementation currently supports configurable keystores in NiFi, formatted as either JKS or PKCS12 files. Bouncy Castle, on which the implementation is based, also provides a C# API <http://www.bouncycastle.org/csharp/>, which you might be able to integrate on the receiving end.

For reference, here is the current proof-of-concept repository which contains the source code for the NiFi components:

https://github.com/exceptionfactory/nifi-cms-bundle

There is also an open Pull Request for NIFI-7836 <https://github.com/apache/nifi/pull/4557>, which has not yet been reviewed. Please feel free to comment on the PR or the Jira issue <https://issues.apache.org/jira/browse/NIFI-7836> if you have any thoughts on the implementation or potential use cases.

Regards,
David Handermann

On Mon, Nov 30, 2020 at 11:03 AM Madhan Vishwas <[email protected]> wrote:

> Hi All,
> I am using EncryptContent (with PGP) for encrypting Text File Data.
> The intent here is to implement Asymmetric Encryption for Cross-Platform
> purpose. (Encryption and Data Source is at NiFi side - while the recipient
> and decryption is at .Net / C# side).
>
> However, the organization policies mandate me to move away from PGP.
>
> This leaves me with two approaches - one is to use hybrid approach with
> one of the symmetric algorithms (AES-GCM for instance) used in combination
> with RSA for encrypting / decrypting the key.
>
> Another approach suggested is to use ECC.
> However, as my understanding goes - as of now NiFi doesn't support ECC and
> this will likely require custom processor implementation.
>
> Any hint / advice on easy implementation of either approach would be
> hugely appreciated.
>
> Thanks in advance.
> Cheers,
> Madhan,
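
The hybrid scheme raised in the original question (a symmetric content key wrapped with RSA) is what CMS EnvelopedData encodes. The round trip below is an added example using the Bouncy Castle Java API, not code from nifi-cms-bundle or the NIFI-7836 pull request. It assumes bcprov and bcpkix on the classpath, a constructed throwaway self-signed certificate in place of a keystore entry, and AES-256-CBC as the content cipher; the class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class CmsEnvelopeExample {
    // A random AES-256 content key encrypts the data; the RSA public key in the
    // recipient certificate wraps that key (KeyTransRecipientInfo).
    static byte[] encrypt(byte[] plain, X509Certificate recipient) throws Exception {
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
        gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipient).setProvider("BC"));
        return gen.generate(new CMSProcessableByteArray(plain),
                new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC").build())
            .getEncoded(); // ASN.1-encoded EnvelopedData
    }

    // The recipient is located by the certificate's issuer and serial number,
    // then the private key unwraps the content key.
    static byte[] decrypt(byte[] cms, X509Certificate recipient, PrivateKey key) throws Exception {
        RecipientInformation info = new CMSEnvelopedData(cms).getRecipientInfos()
                .get(new JceKeyTransRecipientId(recipient));
        if (info == null) throw new CMSException("message is not addressed to this certificate");
        return info.getContent(new JceKeyTransEnvelopedRecipient(key).setProvider("BC"));
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Constructed test material: throwaway RSA key pair and self-signed certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        X500Name subject = new X500Name("CN=constructed-recipient");
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(subject, BigInteger.ONE, now,
                new Date(now.getTime() + 86_400_000L), subject, pair.getPublic())
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate())));
        byte[] plain = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        byte[] cms = encrypt(plain, cert);
        byte[] back = decrypt(cms, cert, pair.getPrivate());
        System.out.println("CMS bytes: " + cms.length + ", round trip ok: " + Arrays.equals(plain, back));
    }
}
```

EnvelopedData provides confidentiality only; it does not authenticate the content, so tampering detection needs a signature (CMS SignedData) or an authenticated mode in addition.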
