Users have requested the capability to paste the ASCII-armored key contents into an EncryptContent processor property in order to decouple from from an external keyring (for both encryption and decryption).
The private key would be protected as a sensitive property (encrypted in the flow.xml.gz the same as a password field). The public key can either be protected in the same way, or treated as a plaintext value (it is not sensitive). There should be an additional field to record the unique identifier of the respective key (i.e. key ID or fingerprint + description).
Specifying all of this information may be confusing on the default processor property dialog, and so an "Advanced"/"PGP" custom UI should be provided which organizes this information in a helpful way.
Obviously, encrypting with a literal public key or decrypting with a literal private key should be easily interoperable with another encryption/decryption operation (either with another instance of EncryptContent within NiFi referencing an external keyring or using an external tool like GnuPG).