[ 
https://issues.apache.org/jira/browse/NIFI-2961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15833887#comment-15833887
 ] 

ASF GitHub Bot commented on NIFI-2961:
--------------------------------------

Github user HandOfGod94 commented on the issue:

    https://github.com/apache/nifi/pull/1294
  
    Hi @alopresto,
    Noob's opinion. (Seriously, I am noob and am open for suggestions/advice):
    I am honestly not satisfied with the way I have done things. I initially 
continued with it as NiFi design guidelines said to have independent processor 
implementation, but as I proceeded I found the predefined classes are still not 
closed for modification and in order for things work I had to modify them, 
which eventually led to buggy implementation.. Do you think we should redesign 
whole EncryptProcessors? I was thinking having a common entry point for 
encryption of content as well as attributes, but this would break backward 
compatibility (not sure). Again it's noob's opinion, I would like to hear about 
your thoughts on this.


> Create EncryptAttribute processor
> ---------------------------------
>
>                 Key: NIFI-2961
>                 URL: https://issues.apache.org/jira/browse/NIFI-2961
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>              Labels: attributes, encryption, security
>
> Similar to {{EncryptContent}}, the {{EncryptAttribute}} processor would allow 
> individual (and multiple) flowfile attributes to be encrypted (either 
> in-place or to a new attribute key) with various encryption algorithms (AES, 
> RSA, PBE, and PGP). 
> Specific compatibility with the {{OpenSSL EVP_BytesToKey}}, {{PBKDF2}}, 
> {{scrypt}}, and {{bcrypt}} key derivation functions should be included. 
> The processor should provide the boolean option to encrypt or decrypt (only 
> one operation per instance of the processor). The processor should also allow 
> Base64 encoding (aka ASCII armor) for the encrypted attributes to prevent 
> byte escaping/data loss. 
> If [dangerous processor 
> annotations|https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap]
>  are introduced, this processor should be marked as such and the 
> corresponding attribute protection (i.e. provenance before/after, etc.) 
> should be applied. 
> Originally requested in this [Stack Overflow 
> question|https://stackoverflow.com/questions/40294945/nifi-encrypt-json].  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to