Re: Jks password migration issue

2020-08-27 Thread Andy LoPresto 
Hi Sanjeet,

If the root encryption key used in bootstrap.conf is identical, the encrypted 
representation of the password should be reusable. Ensure you copied the entire 
string (it consists of an IV encoded in Base64, || as a delimiter, and then the 
actual cipher text (the encrypted password) also encoded in Base64. 

You can also use the Encrypt-Config Toolkit [1] to perform a migration 
operation if you prefer. 

The first error you are encountering is likely because the complete encrypted 
password was not copied successfully. The cipher text cannot be less than 17 
characters long due to the cipher algorithm and minimum input length. 

The second error is likely because of an incorrect encryption key being used. 
The use of the correct key will result in proper padding detection and 
successful decryption. 

[1] 
https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#encrypt_config_tool
 


Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Aug 27, 2020, at 6:52 AM, sanjeet rath  wrote:
> 
> Hi All,
> 
> I am facing one ussue during my migration from 1.8 to 1.11.4
> 
> My 1.8 env has jks key password is "xyz"
> The newly created 1.11.4 has jks password "abc".
> 
> The encripyion key used in the bootstrap file is same for both the env.
> 
> 
> I have modified the pasaword of the 1.11.4 env's jks file using keytool to 
> "xyz".
> However when i am changing its values("xyz") in nifi.properties & 
> authoriser.xml in 1.11.4 env.I am getting below error.
> 
> Error in creating authoriser bean ,
> IlligalArgumentException can't decrypt a ciphertext less than 17 characters .
> 
> When i am copying the encripted values for jks password from 1.8 env's 
> nifi.properties and replacing directly  in nifi.properties& authoriser.xml of 
> 1.11.4 env , as the encription key is same in both, then getting.
> 
> java.security.UnrecoverableKeyException: Get Key failed: Given final block 
> not properly padded. Such issues can arise if a bad key is used during 
> decryption.
> 
> Could you please help me how can i use my old jks password here.
> Thanks in advance.
> Sanjeet

Jks password migration issue

2020-08-27 Thread sanjeet rath 
Hi All,

I am facing one ussue during my migration from 1.8 to 1.11.4

My 1.8 env has jks key password is "xyz"
The newly created 1.11.4 has jks password "abc".

The encripyion key used in the bootstrap file is same for both the env.


I have modified the pasaword of the 1.11.4 env's jks file using keytool to
"xyz".
However when i am changing its values("xyz") in nifi.properties &
authoriser.xml in 1.11.4 env.I am getting below error.

Error in creating authoriser bean ,
IlligalArgumentException can't decrypt a ciphertext less than 17 characters
.

When i am copying the encripted values for jks password from 1.8 env's
nifi.properties and replacing directly  in nifi.properties& authoriser.xml
of 1.11.4 env , as the encription key is same in both, then getting.

java.security.UnrecoverableKeyException: Get Key failed: Given final
block not properly padded. Such issues can arise if a bad key is used
during decryption.

Could you please help me how can i use my old jks password here.

Thanks in advance.

Sanjeet