Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5346

Allow EncryptContent processor to specify PGP key as processor property

    XMLWordPrintableJSON

Details

    Description

      Users have requested the capability to paste the ASCII-armored key contents into an EncryptContent processor property in order to decouple from from an external keyring (for both encryption and decryption).

      The private key would be protected as a sensitive property (encrypted in the flow.xml.gz the same as a password field). The public key can either be protected in the same way, or treated as a plaintext value (it is not sensitive). There should be an additional field to record the unique identifier of the respective key (i.e. key ID or fingerprint + description).

      Specifying all of this information may be confusing on the default processor property dialog, and so an "Advanced"/"PGP" custom UI should be provided which organizes this information in a helpful way.

      Obviously, encrypting with a literal public key or decrypting with a literal private key should be easily interoperable with another encryption/decryption operation (either with another instance of EncryptContent within NiFi referencing an external keyring or using an external tool like GnuPG).

      Attachments

        Issue Links

          is depended upon by

          New Feature - A new feature of the product, which has yet to be developed. NIFI-7322 Add SignContentPGP and VerifyContentPGP Processors

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-7396 Add encryption metadata attributes for PGP encryption

          • Major - Major loss of function.
          • Resolved
          is fixed by

          New Feature - A new feature of the product, which has yet to be developed. NIFI-8251 Add Encrypt and Decrypt PGP Processors and Services

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-5335 PGP processor cannot handle multiple passworded keys in a pgp keyring.

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-6708 Improve DSA/El Gamal PGP compatibility issues

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-1694 EncryptContent processor should accept keyring file or individual key file for PGP encryption/decryption

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          relates to

          New Feature - A new feature of the product, which has yet to be developed. NIFI-7836 Add Encrypt and Decrypt CMS Processors and Services

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4032

          Web Link GitHub Pull Request #4077

          Activity

            People

              exceptionfactory David Handermann
              alopresto Andy LoPresto
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 11.5h
                  11.5h