Hi David, Thank you for your response. I am looking up and will revert back with more details. - Madhan,
On Tue, 1 Dec 2020 at 00:28, David Handermann <exceptionfact...@gmail.com> wrote: > Hi Madhan, > > Thanks for summarizing your use case. EncryptContent supports a variety > of configuration options, but it is currently limited to either > password-based encryption or PGP-based encryption as you described. > > As a proof-of-concept, I recently created several custom NiFi Processors > and Controller Services to support content encryption and decryption using > X.509 certificates and keys. The content format is Cryptographic Message > Syntax (CMS), which is the format underlying S/MIME email encryption. The > purpose of these components is to support content encryption using standard > public-key infrastructure certificates and keys. The implementation > currently supports configurable keystores in NiFi, formatted as either JKS > or PKCS12 files. Bouncy Castle, on which the implementation is based, also > provides a C# API <http://www.bouncycastle.org/csharp/>, which you might > be able to integrate on the receiving end. > > For reference, here is the current proof-of-concept repository which > contains the source code for the NiFi components: > > https://github.com/exceptionfactory/nifi-cms-bundle > > There is also an open Pull Request for NIFI-7836 > <https://github.com/apache/nifi/pull/4557>, which has not yet been > reviewed. > > Please feel free to comment on the PR or the Jira issue > <https://issues.apache.org/jira/browse/NIFI-7836> if you have any > thoughts on the implementation or potential use cases. > > Regards, > David Handermann > > On Mon, Nov 30, 2020 at 11:03 AM Madhan Vishwas < > madhan.kolhap...@gmail.com> wrote: > >> Hi All, >> I am using EncryptContent (with PGP) for encrypting Text File Data. >> The intent here is to implement Asymmetric Encryption for Cross-Platform >> purpose. (Encryption and Data Source is at NiFi side - while the recipient >> and decryption is at .Net / C# side). >> >> However, the organization policies mandate me to move away from PGP. >> >> This leaves me with two approaches - one is to use hybrid approach with >> one of the symmetric algorithms (AES-GCM for instance) used in combination >> with RSA for encrypting / decrypting the key. >> >> Another approach suggested is to use ECC. >> However, as my understanding goes - as of now NiFi doesn't support ECC >> and this will likely require custom processor implementation. >> >> Any hint / advice on easy implementation of either approach would be >> hugely appreciated. >> >> Thanks in advance. >> Cheers, >> Madhan, >> >
