Hi Sanjeet, Reviewing the implementation related to the error message you provided, it looks like this could be a bug with decrypting values in authorizers.xml.
As a workaround, can you try manually editing authorizers.xml and login-identity-providers.xml, changing "aes/gcm/256" to just "aes/gcm"? The protection scheme resolver should match the standard value, but there may be a problem with the comparison of encryption scheme names. Changing the "encryption" attribute value to "aes/gcm" may work around the problem, but it sounds like this may need to be addressed in a Jira issue. Regards, David Handermann On Wed, May 4, 2022 at 11:22 AM sanjeet rath <rath.sanj...@gmail.com> wrote: > Hi Isha, > > We are using same java instalation. > > Our java version is open idk 11. > > In the same system only we are able to encrypt aes/gcm/256 for our old > 1.12.1 nifi version. > > Thanks, > Sanjeet > > > On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo <isha.lam...@virtualsciences.nl> > wrote: > >> Hi Sanjeeth, >> >> >> >> Are you performing the toolkit encryption using the same java >> installation that’s running the NiFi server? >> >> >> >> If not, you may be running into problems because of encryption >> limitations on the java version on your NiFi server. >> >> I think AES256 needs the “Unlimited Strength Encryption” policy and that >> may not be enabled (or even allowed to be enabled in your country). >> >> >> >> If you run the toolkit with the same java installation as the server, you >> can verify this. It should either use aes/gcm/128 or give the same error if >> it tries to use aes/gcm/256. >> >> >> >> Another thing to check is whether you’re using Java 8-251 or newer as the >> migration guidance states. >> >> >> >> Regards, >> >> >> >> Isha >> >> >> >> >> >> *Van:* sanjeet rath <rath.sanj...@gmail.com> >> *Verzonden:* woensdag 4 mei 2022 17:09 >> *Aan:* users@nifi.apache.org >> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of sensitive >> values >> >> >> >> Thanks Pierre for the quick response. I have followed the same doc and >> this is the 3rd version upgrade I am doing for nifi. >> >> >> >> Actually if u see the last line of the error it looks like aes/gcm/256 is >> not supported. >> >> >> >> So if you could point something I am doing wrong for this specific 1.16.1 >> version then it would be really helpful for me. >> >> >> >> Thanks, >> >> Sanjeet >> >> >> >> >> >> >> >> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard < >> pierre.villard...@gmail.com> wrote: >> >> Hi, >> >> >> >> I recommend reading the migration guidance documentation: >> >> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance >> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0> >> >> >> >> HTH, >> >> Pierre >> >> >> >> Le mer. 4 mai 2022 à 16:46, sanjeet rath <rath.sanj...@gmail.com> a >> écrit : >> >> Hi , >> >> >> >> I am facing one issue in migration from 1.12 to 1.16.1 . >> >> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and >> authorisation user file my previous 1.12 version of cluster to this new >> cluster. >> >> >> >> When I am starting the cluster with all the keystone password in >> authoriser and loginidentifer and nifi sensitive key value unencrypted in >> nifi properties file. Then cluster came without any issue. >> >> >> >> When I am encrypting using keytool , all the properties are succefully >> encrypted. How ever while starting the cluster getting one error >> >> >> >> Error in creating bean with name ‘authoriser’ factory bean threw >> exception on object creation nested exception is org.apache.nifi.project. >> Senstivepropertyprotectionexception: protection scheme [aes/gcm/256] is >> not supported. >> >> >> >> Any hint is really helpful as trying from last 2 days. >> >> >> >> Thanks and regards >> >> Sanjeet >> >> >> >> >> >> >> >> >> >> -- >> >> Sanjeet Kumar Rath, >> mob- +91 8777577470 >> >> -- >> >> Sanjeet Kumar Rath, >> mob- +91 8777577470 >> > -- > Sanjeet Kumar Rath, > mob- +91 8777577470 > >
