The nifi-security-utils module includes classes that perform a variety of functions from TLS communication handling to hashing and encryption operations. Many of these classes do not depend on the Bouncy Castle Security Provider library, but many NAR bundles include a dependency on nifi-security-utils either directly or indirectly through nifi-processor-utils. The Bouncy Castle Security Provider library is almost 6 MB, which contributes a notable amount to the size of the NiFi assembled binary after completion, due to the number of copies of the library. Refactoring nifi-security-utils into more granular modules should remove the transitive inclusion of Bouncy Castle from a number of modules.
Several capabilities, including Kerberos handling and SSLSocket classes can be separated into discrete modules without dependence on Bouncy Castle. Other classes used for secure hashing and cipher processing rely on Bouncy Castle, but have uses limited to framework components.