[NIFI-1259] Provide keyed symmetric encryption capability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.4.0
Fix Version/s: 0.5.0
Component/s: Core Framework
Labels:
- encryption
- security

Description

Currently the only symmetric encryption/decryption capability in EncryptContent processor is via password-based encryption (PBE). We should add support for key-based encryption. This is far more common in systems communication that are not reading from/writing to "human-protected" data where password memorization is important.

I recommend providing AES/CBC/PKCS5Padding with 128, 192, and 256 bit keys as well as AES/GCM/NoPadding with the same key sizes for authenticated encryption with associated data (AEAD) capabilities.

Attachments

Issue Links

Is contained by

NIFI-1257 Provide additional KDFs for EncryptContent

Resolved

is related to

NIFI-1242 Password-based encryption is not compatible with OpenSSL

Resolved

NIFI-1255 Evaluate JCE cryptography with PBE and limited strength cryptography

Resolved

NIFI-1257 Provide additional KDFs for EncryptContent

Resolved

Activity

People

Assignee:: Andy LoPresto

Reporter:: Andy LoPresto

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 04/Dec/15 20:34

Updated:: 05/Feb/16 00:41

Resolved:: 05/Feb/16 00:39