David Handermann created NIFI-8094:
--------------------------------------
Summary: Support BCFKS Keystore Type
Key: NIFI-8094
URL: https://issues.apache.org/jira/browse/NIFI-8094
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Extensions, Security
Affects Versions: 1.12.1
Reporter: David Handermann
Assignee: David Handermann
The [Bouncy Castle FIPS Key
Store|https://cryptosense.com/blog/bouncycastle-keystore-security/] (BCFKS)
format supports storage of certificates and private keys using AES-CCM and
PBKDF2 algorithms, providing greater security than the standard JKS and PKCS12
implementations. Support for BCFKS can be implemented using Bouncy Castle
security provider libraries that are already leveraged throughout the system.
Initial support should include the ability to specify BCFKS as the key store
and trust store type in standard properties files as well as the ability to
select BCFKS in implementations of the SSLContextService.
Extension components that do not use {{SSLContextService.createSSLContext()}}
may need additional work, which should be addressed in related issues following
this implementation.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
