[NIFI-7905] MergeContent should support password-protected Zip archives - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: Extensions
Labels:
- encryption
- security
- zip

Description

MergeContent should be improved to support creation of password-protected Zip files. ~~NIFI-7777~~ introduced support of decrypting password-protected Zip files using Zip4j and the same library can be leveraged to support password-based encryption using either ZipCrypto Standard encryption or AES encryption.

Following the Zip File Format Specification Appendix E, Zip4J supports AES-CTR with key lengths of either 128 or 256, and uses HMAC-SHA1 for PBKDF2. WinZip describes the implementation in more detail under the heading of AE-1 and AE-2 specifications. The Zip4j implementation also appears to limit passwords to ISO-8859-1 characters, which should be checked during property validation.

ZipCrypto has known security flaws, which should be at least mentioned in the property description.

The implementation should introduce new optional properties for Encryption Password and Encryption Method, listing ZipCrypto, AES-128-CTR and AES-256-CTR as options. The implementation should also write Flow File attributes indicating the cryptographic algorithm used.

Attachments

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09/Oct/20 01:48

Updated:: 18/Mar/21 19:57

Resolved:: 18/Mar/21 19:57