David Handermann created NIFI-8094: -------------------------------------- Summary: Support BCFKS Keystore Type Key: NIFI-8094 URL: https://issues.apache.org/jira/browse/NIFI-8094 Project: Apache NiFi Issue Type: Improvement Components: Core Framework, Extensions, Security Affects Versions: 1.12.1 Reporter: David Handermann Assignee: David Handermann
The [Bouncy Castle FIPS Key Store|https://cryptosense.com/blog/bouncycastle-keystore-security/] (BCFKS) format supports storage of certificates and private keys using AES-CCM and PBKDF2 algorithms, providing greater security than the standard JKS and PKCS12 implementations. Support for BCFKS can be implemented using Bouncy Castle security provider libraries that are already leveraged throughout the system. Initial support should include the ability to specify BCFKS as the key store and trust store type in standard properties files as well as the ability to select BCFKS in implementations of the SSLContextService. Extension components that do not use {{SSLContextService.createSSLContext()}} may need additional work, which should be addressed in related issues following this implementation. -- This message was sent by Atlassian Jira (v8.3.4#803005)