Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Won't Fix
-
None
-
None
Description
MergeContent should be improved to support creation of password-protected Zip files. NIFI-7777 introduced support of decrypting password-protected Zip files using Zip4j and the same library can be leveraged to support password-based encryption using either ZipCrypto Standard encryption or AES encryption.
Following the Zip File Format Specification Appendix E, Zip4J supports AES-CTR with key lengths of either 128 or 256, and uses HMAC-SHA1 for PBKDF2. WinZip describes the implementation in more detail under the heading of AE-1 and AE-2 specifications. The Zip4j implementation also appears to limit passwords to ISO-8859-1 characters, which should be checked during property validation.
ZipCrypto has known security flaws, which should be at least mentioned in the property description.
The implementation should introduce new optional properties for Encryption Password and Encryption Method, listing ZipCrypto, AES-128-CTR and AES-256-CTR as options. The implementation should also write Flow File attributes indicating the cryptographic algorithm used.