[
https://issues.apache.org/jira/browse/NIFI-12033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17767678#comment-17767678
]
ASF subversion and git services commented on NIFI-12033:
--------------------------------------------------------
Commit 68dc0653c33a28d73de2859a4ce8af5743059e71 in nifi's branch
refs/heads/support/nifi-1.x from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=68dc0653c3 ]
NIFI-12033 Added EncryptContentAge and DecryptContentAge Processors
This closes #7676
Signed-off-by: Paul Grey <gr...@apache.org>
(cherry picked from commit ebe8b9a2e78d1d87046eb1d6c9f86e86203b6744)
> Add Processors Supporting age-encryption.org
> --------------------------------------------
>
> Key: NIFI-12033
> URL: https://issues.apache.org/jira/browse/NIFI-12033
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.latest, 2.latest
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The [age-encryption.org/v1|https://age-encryption.org/v1] specification
> provides a modern alternative to protocols such as OpenPGP for encrypting and
> decrypting files. The age specification uses
> [ChaCha20-Poly1305|https://en.wikipedia.org/wiki/ChaCha20-Poly1305] for
> authenticated encryption of file payloads, and supports asymmetric key pairs
> using the [Curve25519|https://en.wikipedia.org/wiki/Curve25519] algorithm
> with Diffie-Hellman key exchange, known as X25519. The age X25519 recipient
> type represents public and private keys using a human-readable encoding named
> [Bech32|https://en.bitcoin.it/wiki/Bech32]. The age command is available on
> all modern operating systems. These security and usability properties make it
> a better solution for file encryption use cases than current custom
> processing strategies in Processors such as EncryptContent.
> The [Jagged|https://github.com/exceptionfactory/jagged] project provides an
> implementation of the age encryption specification for Java. New
> EncryptContentAge and DecryptContentAge Processors should be implemented that
> support the X25519 recipient type, with options for property-based or
> file-based keys. The age standard supports ASCII armored encoding, which is
> helpful for some use cases that cannot handle raw binary. The default file
> encoding setting should be binary for optimal size and performance
> characteristics.
> Java 11 and 17 support ChaCha20-Poly1305 and X25519, but Java 8 requires
> another Security Provider, such as Bouncy Castle. Cryptographic algorithm
> support can be checked at runtime to support transparent fallback to Bouncy
> Castle. These new Processors should be functional on both the support branch
> and main branch to provide a migration path from other solutions.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
