[NIFI-5335] PGP processor cannot handle multiple passworded keys in a pgp keyring. - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.0
Fix Version/s: 1.14.0
Component/s: Configuration Management
Labels:
- encryption
- pgp
- security
Environment:
RHEL

Description

The Encrypt Content processor can handle only one passworded PGP Secret key on a given keyring.

To decrypt files from multiple data sources with different passworded PGP Secret Keys, we are forced to create a separate key ring for each data source, containing a single passworded PGP Secret Key.

It would be optimal to be able to point the decryption processor at a single NIFI user keyring that had multiple data source Secret Keys, each passworded. We would then be able to pass either the SEC ID (eg; 1024D/671D6CAF or the UID (eg. dunnhumby - SMG - Prod) and the password for the given Secret Key.

Ideally the attached image would also include a Private Key Identifier to distinguish which jey on the ring to use, that would match the Private Keyring Passphrase.