Thanks David, it worked after the suggested manual changes in both the files.
Thanks a lot for the help Sanjeet On Wed, 4 May 2022 at 10:24 PM, David Handermann < exceptionfact...@apache.org> wrote: > Hi Sanjeet, > > Following up on my previous reply, the potential workaround would actually > require changing "aes/gcm/256" to "AES_GCM". I am looking into addressing > this problem in a Jira issue. > > Regards, > David Handermann > > On Wed, May 4, 2022 at 11:41 AM David Handermann < > exceptionfact...@apache.org> wrote: > >> Hi Sanjeet, >> >> Reviewing the implementation related to the error message you provided, >> it looks like this could be a bug with decrypting values in authorizers.xml. >> >> As a workaround, can you try manually editing authorizers.xml and >> login-identity-providers.xml, changing "aes/gcm/256" to just "aes/gcm"? >> >> The protection scheme resolver should match the standard value, but there >> may be a problem with the comparison of encryption scheme names. Changing >> the "encryption" attribute value to "aes/gcm" may work around the problem, >> but it sounds like this may need to be addressed in a Jira issue. >> >> Regards, >> David Handermann >> >> On Wed, May 4, 2022 at 11:22 AM sanjeet rath <rath.sanj...@gmail.com> >> wrote: >> >>> Hi Isha, >>> >>> We are using same java instalation. >>> >>> Our java version is open idk 11. >>> >>> In the same system only we are able to encrypt aes/gcm/256 for our old >>> 1.12.1 nifi version. >>> >>> Thanks, >>> Sanjeet >>> >>> >>> On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo < >>> isha.lam...@virtualsciences.nl> wrote: >>> >>>> Hi Sanjeeth, >>>> >>>> >>>> >>>> Are you performing the toolkit encryption using the same java >>>> installation that’s running the NiFi server? >>>> >>>> >>>> >>>> If not, you may be running into problems because of encryption >>>> limitations on the java version on your NiFi server. >>>> >>>> I think AES256 needs the “Unlimited Strength Encryption” policy and >>>> that may not be enabled (or even allowed to be enabled in your country). >>>> >>>> >>>> >>>> If you run the toolkit with the same java installation as the server, >>>> you can verify this. It should either use aes/gcm/128 or give the same >>>> error if it tries to use aes/gcm/256. >>>> >>>> >>>> >>>> Another thing to check is whether you’re using Java 8-251 or newer as >>>> the migration guidance states. >>>> >>>> >>>> >>>> Regards, >>>> >>>> >>>> >>>> Isha >>>> >>>> >>>> >>>> >>>> >>>> *Van:* sanjeet rath <rath.sanj...@gmail.com> >>>> *Verzonden:* woensdag 4 mei 2022 17:09 >>>> *Aan:* users@nifi.apache.org >>>> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of >>>> sensitive values >>>> >>>> >>>> >>>> Thanks Pierre for the quick response. I have followed the same doc and >>>> this is the 3rd version upgrade I am doing for nifi. >>>> >>>> >>>> >>>> Actually if u see the last line of the error it looks like aes/gcm/256 >>>> is not supported. >>>> >>>> >>>> >>>> So if you could point something I am doing wrong for this specific >>>> 1.16.1 version then it would be really helpful for me. >>>> >>>> >>>> >>>> Thanks, >>>> >>>> Sanjeet >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard < >>>> pierre.villard...@gmail.com> wrote: >>>> >>>> Hi, >>>> >>>> >>>> >>>> I recommend reading the migration guidance documentation: >>>> >>>> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance >>>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0> >>>> >>>> >>>> >>>> HTH, >>>> >>>> Pierre >>>> >>>> >>>> >>>> Le mer. 4 mai 2022 à 16:46, sanjeet rath <rath.sanj...@gmail.com> a >>>> écrit : >>>> >>>> Hi , >>>> >>>> >>>> >>>> I am facing one issue in migration from 1.12 to 1.16.1 . >>>> >>>> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and >>>> authorisation user file my previous 1.12 version of cluster to this new >>>> cluster. >>>> >>>> >>>> >>>> When I am starting the cluster with all the keystone password in >>>> authoriser and loginidentifer and nifi sensitive key value unencrypted in >>>> nifi properties file. Then cluster came without any issue. >>>> >>>> >>>> >>>> When I am encrypting using keytool , all the properties are succefully >>>> encrypted. How ever while starting the cluster getting one error >>>> >>>> >>>> >>>> Error in creating bean with name ‘authoriser’ factory bean threw >>>> exception on object creation nested exception is org.apache.nifi.project. >>>> Senstivepropertyprotectionexception: protection scheme [aes/gcm/256] is >>>> not supported. >>>> >>>> >>>> >>>> Any hint is really helpful as trying from last 2 days. >>>> >>>> >>>> >>>> Thanks and regards >>>> >>>> Sanjeet >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Sanjeet Kumar Rath, >>>> mob- +91 8777577470 >>>> >>>> -- >>>> >>>> Sanjeet Kumar Rath, >>>> mob- +91 8777577470 >>>> >>> -- >>> Sanjeet Kumar Rath, >>> mob- +91 8777577470 >>> >>> -- Sanjeet Kumar Rath, mob- +91 8777577470
