Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-8094

Support BCFKS Keystore Type

    XMLWordPrintableJSON

    Details

      Description

      The Bouncy Castle FIPS Key Store (BCFKS) format supports storage of certificates and private keys using AES-CCM and PBKDF2 algorithms, providing greater security than the standard JKS and PKCS12 implementations. Support for BCFKS can be implemented using Bouncy Castle security provider libraries that are already leveraged throughout the system.

      Initial support should include the ability to specify BCFKS as the key store and trust store type in standard properties files as well as the ability to select BCFKS in implementations of the SSLContextService.

      Extension components that do not use SSLContextService.createSSLContext() may need additional work, which should be addressed in related issues following this implementation.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                exceptionfactory David Handermann
                Reporter:
                exceptionfactory David Handermann
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m