[NIFI-8094] Support BCFKS Keystore Type - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.12.1
Fix Version/s: 1.13.0
Component/s: Core Framework, Extensions, Security
Labels:
- FIPS
- security

Description

The Bouncy Castle FIPS Key Store (BCFKS) format supports storage of certificates and private keys using AES-CCM and PBKDF2 algorithms, providing greater security than the standard JKS and PKCS12 implementations. Support for BCFKS can be implemented using Bouncy Castle security provider libraries that are already leveraged throughout the system.

Initial support should include the ability to specify BCFKS as the key store and trust store type in standard properties files as well as the ability to select BCFKS in implementations of the SSLContextService.

Extension components that do not use SSLContextService.createSSLContext() may need additional work, which should be addressed in related issues following this implementation.

Attachments

Issue Links

links to

GitHub Pull Request #4729

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Dec/20 20:47

Updated:: 12/Jan/21 16:47

Resolved:: 12/Jan/21 16:03

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 10m