[ https://issues.apache.org/jira/browse/NIFI-3714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto updated NIFI-3714:
--------------------------------
    Description:

In testing the encrypted provenance repository key management system, I found an issue where the {{$ ./bin/encrypt-config.sh}} command can encrypt the correct sensitive value but replace the wrong key/value pair in the encrypted {{nifi.properties}} file.

Example:

*Existing nifi.properties*
{code}
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

*After running {{./bin/encrypt-config.sh -b conf/bootstrap.conf -n conf/nifi.properties -k AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}*
{code}
# Provenance Repository Properties
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
nifi.provenance.repository.encryption.key.protected=aes/gcm/256
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

*When it should be*
{code}
# Provenance Repository Properties
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDwvYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8
nifi.provenance.repository.encryption.key.protected=aes/gcm/256
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
{code}

I verified (using a test fixture) that the cipher text is the correct encryption of {{0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210}} with a random IV (Base64-encoded and embedded in the cipher text as {{aYDkDKys1ENr3gp+}}) and the key {{AAAABBBBCCCCDDDDEEEEFFFF00001111AAAABBBBCCCCDDDDEEEEFFFF00001111}}. It does not appear to be an issue with the encryption but with the replacement logic.

> Encrypt config tool replaces wrong key/value pair with encrypted value and exposes plain sensitive value
> --------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-3714
>                 URL: https://issues.apache.org/jira/browse/NIFI-3714
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Tools and Build
>    Affects Versions: 1.1.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: config, encryption, security
>

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
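The report observes that the cipher text is right but the rewrite lands on the wrong line, leaving the plaintext key in the file. The following added example is not NiFi's code and not part of the issue; it is a small Python model of the property rewrite step written to show one way such a mis-replacement can arise and how a tool can guard against it. It assumes, as a hypothesis only, that the faulty rewrite matched lines by key-name prefix: with the issue's own sample file, a prefix match hits {{nifi.provenance.repository.encryption.key.provider.implementation}} first and reproduces the exact layout of the issue's "after running" block. The {{naive_protect}}, {{exact_protect}}, {{parse_properties}}, {{keys_to_protect}} and {{verify_protected}} functions are all constructed for this example, and the encryption step is assumed to have already produced the cipher text shown in the issue.

```python
import re

# Constructed sample nifi.properties: the same layout and the same test key
# values that the issue itself shows (example values, not real secrets).
SAMPLE_PROPERTIES = """\
# Provenance Repository Properties
nifi.provenance.repository.implementation=org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository
nifi.provenance.repository.debug.frequency=1_000_000
nifi.provenance.repository.encryption.key.provider.implementation=org.apache.nifi.provenance.StaticKeyProvider
nifi.provenance.repository.encryption.key.provider.location=
nifi.provenance.repository.encryption.key.id=Key1
nifi.provenance.repository.encryption.key=0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
nifi.sensitive.props.additional.keys=nifi.provenance.repository.encryption.key
"""

KEY = "nifi.provenance.repository.encryption.key"
PLAINTEXT = "0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210"
# Cipher text taken from the issue; the encryption step is assumed to have
# already produced it, so this example deals only with the file rewrite.
CIPHERTEXT = ("aYDkDKys1ENr3gp+||sTBPpMlIvHcOLTGZlfWct8r9RY8BuDlDkoaYmGJ/9m9af9tZIVzcnDw"
              "vYQAaIKxRGF7vI2yrY7Xd6x9GTDnWGiGiRXlaP458BBMMgfzH2O8")
PROTECTION_SCHEME = "aes/gcm/256"


def parse_properties(text):
    """Minimal key=value parser. A duplicated key is rejected, because a
    duplicate is exactly the symptom in the report (plaintext and cipher text
    both present under the same name)."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        key, _, value = stripped.partition("=")  # split on the first '=' only
        key = key.strip()
        if key in props:
            raise ValueError("duplicate property: " + key)
        props[key] = value.strip()
    return props


def keys_to_protect(props):
    """Sensitive keys named in nifi.sensitive.props.additional.keys (comma-separated)."""
    listed = props.get("nifi.sensitive.props.additional.keys", "")
    return [k.strip() for k in listed.split(",") if k.strip()]


def naive_protect(text, key, ciphertext):
    """Hypothetical prefix-based rewrite, written here to show the failure mode.
    It rewrites the first line that merely starts with the key name, so the
    longer sibling '<key>.provider.implementation' is overwritten and the real
    plaintext line survives untouched."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith(key):
            lines[i] = key + "=" + ciphertext
            lines.insert(i + 1, key + ".protected=" + PROTECTION_SCHEME)
            break
    return "\n".join(lines) + "\n"


def exact_protect(text, key, ciphertext):
    """Rewrite that matches the whole key name up to '=' and nothing longer,
    then appends the .protected marker right after the rewritten line."""
    key_line = re.compile(r"^" + re.escape(key) + r"\s*=")
    out, replaced = [], False
    for line in text.splitlines():
        if key_line.match(line):
            out.append(key + "=" + ciphertext)
            out.append(key + ".protected=" + PROTECTION_SCHEME)
            replaced = True
        else:
            out.append(line)
    if not replaced:
        raise KeyError("property not present: " + key)
    return "\n".join(out) + "\n"


def verify_protected(text, key, plaintext):
    """Post-rewrite check a tool should run before declaring success: the key
    is present exactly once, holds something other than the plaintext, carries
    its .protected marker, and the plaintext appears nowhere in the file."""
    try:
        props = parse_properties(text)
    except ValueError:
        return False
    if props.get(key) in (None, "", plaintext):
        return False
    if props.get(key + ".protected") != PROTECTION_SCHEME:
        return False
    return plaintext not in text


if __name__ == "__main__":
    for name, fn in (("naive", naive_protect), ("exact", exact_protect)):
        result = fn(SAMPLE_PROPERTIES, KEY, CIPHERTEXT)
        print(name, "ok" if verify_protected(result, KEY, PLAINTEXT) else "FAILED")
        print(result)
```

Running the script prints the prefix-matched rewrite (which fails verification and still contains the plaintext key, while silently dropping the {{StaticKeyProvider}} setting) followed by the exact-match rewrite, which matches the "when it should be" block. The {{verify_protected}} check is the part worth carrying into any config-encryption tool: after writing, re-parse the file and refuse to report success while the plaintext is still present.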