Hi Sanjeet, Following up on my previous reply, the potential workaround would actually require changing "aes/gcm/256" to "AES_GCM". I am looking into addressing this problem in a Jira issue.
Regards, David Handermann On Wed, May 4, 2022 at 11:41 AM David Handermann < exceptionfact...@apache.org> wrote: > Hi Sanjeet, > > Reviewing the implementation related to the error message you provided, it > looks like this could be a bug with decrypting values in authorizers.xml. > > As a workaround, can you try manually editing authorizers.xml and > login-identity-providers.xml, changing "aes/gcm/256" to just "aes/gcm"? > > The protection scheme resolver should match the standard value, but there > may be a problem with the comparison of encryption scheme names. Changing > the "encryption" attribute value to "aes/gcm" may work around the problem, > but it sounds like this may need to be addressed in a Jira issue. > > Regards, > David Handermann > > On Wed, May 4, 2022 at 11:22 AM sanjeet rath <rath.sanj...@gmail.com> > wrote: > >> Hi Isha, >> >> We are using same java instalation. >> >> Our java version is open idk 11. >> >> In the same system only we are able to encrypt aes/gcm/256 for our old >> 1.12.1 nifi version. >> >> Thanks, >> Sanjeet >> >> >> On Wed, 4 May 2022 at 8:40 PM, Isha Lamboo < >> isha.lam...@virtualsciences.nl> wrote: >> >>> Hi Sanjeeth, >>> >>> >>> >>> Are you performing the toolkit encryption using the same java >>> installation that’s running the NiFi server? >>> >>> >>> >>> If not, you may be running into problems because of encryption >>> limitations on the java version on your NiFi server. >>> >>> I think AES256 needs the “Unlimited Strength Encryption” policy and that >>> may not be enabled (or even allowed to be enabled in your country). >>> >>> >>> >>> If you run the toolkit with the same java installation as the server, >>> you can verify this. It should either use aes/gcm/128 or give the same >>> error if it tries to use aes/gcm/256. >>> >>> >>> >>> Another thing to check is whether you’re using Java 8-251 or newer as >>> the migration guidance states. >>> >>> >>> >>> Regards, >>> >>> >>> >>> Isha >>> >>> >>> >>> >>> >>> *Van:* sanjeet rath <rath.sanj...@gmail.com> >>> *Verzonden:* woensdag 4 mei 2022 17:09 >>> *Aan:* users@nifi.apache.org >>> *Onderwerp:* Re: Nifi 1.16.1 migration failed for encrypted of >>> sensitive values >>> >>> >>> >>> Thanks Pierre for the quick response. I have followed the same doc and >>> this is the 3rd version upgrade I am doing for nifi. >>> >>> >>> >>> Actually if u see the last line of the error it looks like aes/gcm/256 >>> is not supported. >>> >>> >>> >>> So if you could point something I am doing wrong for this specific >>> 1.16.1 version then it would be really helpful for me. >>> >>> >>> >>> Thanks, >>> >>> Sanjeet >>> >>> >>> >>> >>> >>> >>> >>> On Wed, 4 May 2022 at 8:20 PM, Pierre Villard < >>> pierre.villard...@gmail.com> wrote: >>> >>> Hi, >>> >>> >>> >>> I recommend reading the migration guidance documentation: >>> >>> https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance >>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fdisplay%2FNIFI%2FMigration%2BGuidance&data=05%7C01%7Cisha.lamboo%40virtualsciences.nl%7Ca6cf25040df64db1d3c908da2de0058f%7C21429da9e4ad45f99a6fcd126a64274b%7C0%7C0%7C637872737450174797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=GMsVs2HdwuGzny9ty2yfXgr0593suh0l1ULuErpvWlw%3D&reserved=0> >>> >>> >>> >>> HTH, >>> >>> Pierre >>> >>> >>> >>> Le mer. 4 mai 2022 à 16:46, sanjeet rath <rath.sanj...@gmail.com> a >>> écrit : >>> >>> Hi , >>> >>> >>> >>> I am facing one issue in migration from 1.12 to 1.16.1 . >>> >>> I have created one 1.16.1 cluster.And copied flow.xml , authoriser and >>> authorisation user file my previous 1.12 version of cluster to this new >>> cluster. >>> >>> >>> >>> When I am starting the cluster with all the keystone password in >>> authoriser and loginidentifer and nifi sensitive key value unencrypted in >>> nifi properties file. Then cluster came without any issue. >>> >>> >>> >>> When I am encrypting using keytool , all the properties are succefully >>> encrypted. How ever while starting the cluster getting one error >>> >>> >>> >>> Error in creating bean with name ‘authoriser’ factory bean threw >>> exception on object creation nested exception is org.apache.nifi.project. >>> Senstivepropertyprotectionexception: protection scheme [aes/gcm/256] is >>> not supported. >>> >>> >>> >>> Any hint is really helpful as trying from last 2 days. >>> >>> >>> >>> Thanks and regards >>> >>> Sanjeet >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> Sanjeet Kumar Rath, >>> mob- +91 8777577470 >>> >>> -- >>> >>> Sanjeet Kumar Rath, >>> mob- +91 8777577470 >>> >> -- >> Sanjeet Kumar Rath, >> mob- +91 8777577470 >> >>
