Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-1242

Password-based encryption is not compatible with OpenSSL

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.4.0
    • Fix Version/s: 0.4.0
    • Component/s: Extensions
    • Labels:

      Description

      Despite the algorithm names indicating compatibility with OpenSSL, the current password-based encryption processors cannot decrypt data that was encrypted with OpenSSL external to NiFi.

      I will create a new OpenSSLPBEEncryptor implementation, a new EncryptionMethod, and wire the logic in EncryptContent to select the correct encryptor.

      I have a more in-depth explanation of the issue at https://github.com/alopresto/opensslpbeencryptor/blob/master/blog.md, but the fix is done in a sandbox and will be moved into NiFi by morning 12/03/15.

        Attachments

        1. Decrypt_Alter_Encrypt_OpenSSL.xml
          43 kB
          Joe Witt
        2. NIFI-1242.0001.patch
          30 kB
          Aldrin Piri

          Issue Links

            Activity

              People

              • Assignee:
                alopresto Andy LoPresto
                Reporter:
                alopresto Andy LoPresto
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 24h
                  24h
                  Remaining:
                  Remaining Estimate - 24h
                  24h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified