[NIFI-1242] Password-based encryption is not compatible with OpenSSL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.4.0
Fix Version/s: 0.4.0
Component/s: Extensions
Labels:
- security

Description

Despite the algorithm names indicating compatibility with OpenSSL, the current password-based encryption processors cannot decrypt data that was encrypted with OpenSSL external to NiFi.

I will create a new OpenSSLPBEEncryptor implementation, a new EncryptionMethod, and wire the logic in EncryptContent to select the correct encryptor.

I have a more in-depth explanation of the issue at https://github.com/alopresto/opensslpbeencryptor/blob/master/blog.md, but the fix is done in a sandbox and will be moved into NiFi by morning 12/03/15.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Decrypt_Alter_Encrypt_OpenSSL.xml
04/Dec/15 22:07
43 kB
Joe Witt
NIFI-1242.0001.patch
04/Dec/15 16:59
30 kB
Aldrin Piri

Issue Links

relates to

NIFI-1255 Evaluate JCE cryptography with PBE and limited strength cryptography

Resolved

NIFI-1257 Provide additional KDFs for EncryptContent

Resolved

NIFI-1259 Provide keyed symmetric encryption capability

Resolved

Activity

People

Assignee:: Andy LoPresto

Reporter:: Andy LoPresto

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 02/Dec/15 20:40

Updated:: 05/Dec/15 01:11

Resolved:: 05/Dec/15 01:11

Time Tracking

Estimated:

24h

Remaining:

24h

Logged:

Not Specified