[jira] [Updated] (NIFI-3714) Encrypt config tool replaces wrong key/value pair with encrypted value and exposes plain sensitive value

[Andy LoPresto (JIRA)]

     [ 
https://issues.apache.org/jira/browse/NIFI-3714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy LoPresto updated NIFI-3714:
--------------------------------
    Description: 
In testing the encrypted provenance repository key management system, I found 
an issue where the {{$ ./bin/encrypt-config.sh}} command can encrypt the 
correct sensitive value but replace the wrong key/value pair in the encrypted 
{{nifi.properties}} file. 

Example:

*Existing nifi.properties*
{code}
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

*After running {{./bin/encrypt-config.sh -b conf/bootstrap.conf -n 
conf/nifi.properties -k 
AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}*

{code}
# Provenance Repository Properties
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
nifi.provenance.repository.encryption.key.protected=aes/gcm/256
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

*When it should be*

{code}
# Provenance Repository Properties
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
nifi.provenance.repository.encryption.key.protected=aes/gcm/256
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

I verified (using a test fixture) that the cipher text is the correct 
encryption of 
{{0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210}} with a 
random IV (Base64-encoded and embedded in the cipher text as 
{{aYDkDKys1ENr3gp+}} and the key 
{{AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}. It does 
not appear to be an issue with the encryption but with the replacement logic. 

  was:
In testing the encrypted provenance repository key management system, I found 
an issue where the {{$ ./bin/encrypt-config.sh}} command can encrypt the 
correct sensitive value but replace the wrong key/value pair in the encrypted 
{{nifi.properties}} file. 

Example:

*existing nifi.properties*
{code}
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

*After running {{./bin/encrypt-config.sh -b conf/bootstrap.conf -n 
conf/nifi.properties -k 
AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}*

{code}
# Provenance Repository Properties
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
nifi.provenance.repository.encryption.key.protected=aes/gcm/256
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

*When it should be*

{code}
# Provenance Repository Properties
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
nifi.provenance.repository.encryption.key.protected=aes/gcm/256
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

I verified (using a test fixture) that the cipher text is the correct 
encryption of 
{{0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210}} with a 
random IV (Base64-encoded and embedded in the cipher text as 
{{aYDkDKys1ENr3gp+}} and the key 
{{AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}. It does 
not appear to be an issue with the encryption but with the replacement logic. 


> Encrypt config tool replaces wrong key/value pair with encrypted value and 
> exposes plain sensitive value
> --------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-3714
>                 URL: https://issues.apache.org/jira/browse/NIFI-3714
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Tools and Build
>    Affects Versions: 1.1.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: config, encryption, security
>
> In testing the encrypted provenance repository key management system, I found 
> an issue where the {{$ ./bin/encrypt-config.sh}} command can encrypt the 
> correct sensitive value but replace the wrong key/value pair in the encrypted 
> {{nifi.properties}} file. 
> Example:
> *Existing nifi.properties*
> {code}
> nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
> nifi.provenance.repository.debug.frequency=1_000_000
> nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
> nifi.provenance.repository.encryption.key.provider.location=
> nifi.provenance.repository.encryption.key.id=Key1
> nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
> nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
> {code}
> *After running {{./bin/encrypt-config.sh -b conf/bootstrap.conf -n 
> conf/nifi.properties -k 
> AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}*
> {code}
> # Provenance Repository Properties
> nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
> nifi.provenance.repository.debug.frequency=1_000_000
> nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
> nifi.provenance.repository.encryption.key.protected=aes/gcm/256
> nifi.provenance.repository.encryption.key.provider.location=
> nifi.provenance.repository.encryption.key.id=Key1
> nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
> nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
> {code}
> *When it should be*
> {code}
> # Provenance Repository Properties
> nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
> nifi.provenance.repository.debug.frequency=1_000_000
> nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
> nifi.provenance.repository.encryption.key.provider.location=
> nifi.provenance.repository.encryption.key.id=Key1
> nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
> nifi.provenance.repository.encryption.key.protected=aes/gcm/256
> nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
> {code}
> I verified (using a test fixture) that the cipher text is the correct 
> encryption of 
> {{0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210}} with a 
> random IV (Base64-encoded and embedded in the cipher text as 
> {{aYDkDKys1ENr3gp+}} and the key 
> {{AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}. It does 
> not appear to be an issue with the encryption but with the replacement logic. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)