Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-7669

Add flow protection key caching mechanism for derived keys

    XMLWordPrintableJSON

Details

    Description

      The specific algorithm introduced in NIFI-7638 introduces a ~1 sec delay in every encryption operation (which occurs during every flow synchronization and serialization to disk) due to the Argon2 KDF process. This is an acceptable tradeoff for security-conscious users at this time, but can be improved through a key caching mechanism in memory. Deriving the key once at application startup and using it directly will remove this delay, and the key cannot change without an application restart.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-7638 Add PBE AEAD sensitive flow property protection scheme

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-7668 Add configurable PBE AEAD algorithms to flow encryption

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4435

          Activity

            People

              alopresto Andy LoPresto
              alopresto Andy LoPresto
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h