Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5586

Add capability to generate ECDSA keys to TLS Toolkit

    XMLWordPrintableJSON

Details

    Description

      The TLS Toolkit should be able to generate ECDSA keys to enable NiFi to support ECDSA cipher suites.

      Currently, ECDSA keys can be manually generated using external tools and loaded into a keystore and truststore that are compatible with NiFi. 

      keytool -genkeypair -alias ec -keyalg EC -keysize 256 -sigalg SHA256withECDSA -validity 365 -storetype JKS -keystore ec-keystore.jks -storepass passwordpassword
keytool -export -alias ec -keystore ec-keystore.jks -file ec-public.pem
keytool -import -alias ec -file ec-public.pem -keystore ec-truststore.jks -storepass passwordpassword

      Attachments

        Issue Links

          depends upon

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-1995 Support keystores with multiple certificates by exposing alias selection in configuration

          • Major - Major loss of function.
          • Open
          Is contained by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NIFI-5458 Improve NiFi TLS and certificate management

          • Major - Major loss of function.
          • Resolved
          is related to

          Task - A task that needs to be done. NIFI-12200 Remove nifi-toolkit-tls module

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              alopresto Andy LoPresto
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: