[ https://issues.apache.org/jira/browse/NIFI-5346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17329381#comment-17329381 ]
ASF subversion and git services commented on NIFI-5346: ------------------------------------------------------- Commit 92bdc23adbe867c93f6e43c6665e84108d743fb2 in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=92bdc23 ] NIFI-8251 Added EncryptContentPGP and DecryptContentPGP Processors - Added PGPPrivateKeyService and PGPPublicKeyService interfaces with standard implementations - NIFI-7396 EncryptContentPGP writes encryption metadata attributes - NIFI-6708 Controller Services support ElGamal Public and Private Keys - NIFI-5346 Controller Services support Keyring Files and ASCII Key properties - NIFI-5335 Controller Services support multiple public or private keys from keyrings - NIFI-2983 DecryptContentPGP finds and decrypts Encrypted Data Packets regardless of signing - NIFI-1694 Controller Services support individual key files or keyrings NIFI-8251 Refactored Public Key ID Property to Public Key Search NIFI-8251 Corrected handling of multiple Encrypted Data packets in DecryptContentPGP - Added unit tests for encryption and decryption with both password-based and public key - Added PGP NAR dependencies to nifi-assembly Signed-off-by: Nathan Gough <thena...@gmail.com> This closes #4842. > Allow EncryptContent processor to specify PGP key as processor property > ----------------------------------------------------------------------- > > Key: NIFI-5346 > URL: https://issues.apache.org/jira/browse/NIFI-5346 > Project: Apache NiFi > Issue Type: New Feature > Components: Extensions > Affects Versions: 1.7.0 > Reporter: Andy LoPresto > Assignee: David Handermann > Priority: Major > Labels: encryption, pgp, security > Time Spent: 11h > Remaining Estimate: 0h > > Users have requested the capability to paste the ASCII-armored key contents > into an {{EncryptContent}} processor property in order to decouple from from > an external keyring (for both encryption and decryption). > The private key would be protected as a sensitive property (encrypted in the > flow.xml.gz the same as a password field). The public key can either be > protected in the same way, or treated as a plaintext value (it is not > sensitive). There should be an additional field to record the unique > identifier of the respective key (i.e. key ID or fingerprint + description). > Specifying all of this information may be confusing on the default processor > property dialog, and so an "Advanced"/"PGP" custom UI should be provided > which organizes this information in a helpful way. > Obviously, encrypting with a literal public key or decrypting with a literal > private key should be easily interoperable with another encryption/decryption > operation (either with another instance of {{EncryptContent}} within NiFi > referencing an external keyring or using an external tool like GnuPG). -- This message was sent by Atlassian Jira (v8.3.4#803005)