Hi Alan, I have created a template [1] which should be able to test the issue you are encountering. It works for me (Mac OS X 10.11, NiFi 0.6.0-SNAPSHOT, gpg 2.0.28), so I am hoping you can run it on your installation and verify. I understand you are running NiFi 0.5.1, but to my knowledge, nothing in the encryption processing changed between 0.5.1 and 0.6.0.
The only issue I encountered is that “~” expansion does not work if the file path you provide to the public or secret keyring starts with the “~” shortcut for the user home directory. I do not believe this changed between 0.3.0 and 0.5.1, but it could have been a dependency change (BouncyCastle was upgraded from the legacy jdk16 version to the current and updated jdk15on [2]. I have filed a Jira for this issue [3]. Please let me know if this was the issue you were encountering, and if not, any additional information to help resolve your issue. [1] https://gist.github.com/alopresto/87494d245c9298c69352 <https://gist.github.com/alopresto/87494d245c9298c69352> [2] https://issues.apache.org/jira/browse/NIFI-1324 <https://issues.apache.org/jira/browse/NIFI-1324> [3] https://issues.apache.org/jira/browse/NIFI-1693 <https://issues.apache.org/jira/browse/NIFI-1693> Andy LoPresto alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Mar 28, 2016, at 4:04 PM, Andy LoPresto <alopresto.apa...@gmail.com> wrote: > > Hi Alan, > > I am investigating this issue (spinning up an instance, setting up a flow > that involves PGP encryption and decryption, etc.) to verify. > > As an aside, the setting for “Key Derivation Function” is irrelevant if > “Encryption Algorithm” is set to “PGP” or “PGP_ASCII_ARMOR”. The KDF is > required for symmetric encryption (deriving a key from the provided > password), but not used for PGP encryption/decryption at all. Unfortunately, > we cannot currently display/hide or change the required-ness of processor > properties based on the value of other properties. There is an existing Jira > open [1] to enhance this functionality. Perhaps this can be better documented > in the Admin Guide [2]. > > Can you also provide the full stacktrace and your system configuration, if > possible, to help with the troubleshooting? Thank you. > > [1] https://issues.apache.org/jira/browse/NIFI-1121 > <https://issues.apache.org/jira/browse/NIFI-1121> > [2] > https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#encryption > > <https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#encryption> > > > Andy LoPresto > alopresto.apa...@gmail.com <mailto:alopresto.apa...@gmail.com> > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > >> On Mar 28, 2016, at 2:18 PM, Alan Jackoway <al...@cloudera.com >> <mailto:al...@cloudera.com>> wrote: >> >> Hello, >> >> I had an EncryptContent processor running with PGP public key encryption >> when we were running NiFi 0.4.x. >> >> We recently went up to a 0.5.x, which includes NIFI-1257 and NIFI-1259. Now >> my EncryptContent processors are failing to validate my key with an error >> message: >> 'Public Keyring File' is invalid because Invalid Public Keyring File >> filename because java.io.IOException: invalid header encountered >> >> I tried all the key derivation functions, but in all cases I got the same >> error. >> >> Is there an easy way to talk NiFi into using my key again? >> >> I have attached a public key that works on 0.3.0 (I didn't have 0.4 on my >> machine for some reason) but fails in 0.5.1. The user id is >> al...@cloudera.com <mailto:al...@cloudera.com> >> >> Is there any easy fix? Should I file a jira? >> >> Since it said invalid header, I tried taking out the comment at the top of >> the key. That didn't work. >> >> Thanks, >> Alan >> <TestPublicKey.asc> >
signature.asc
Description: Message signed with OpenPGP using GPGMail
