nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopresto.apa...@gmail.com>
Subject Re: EncryptContent issues after NIFI-1257 and NIFI-1259
Date Tue, 29 Mar 2016 01:24:14 GMT
Forgot to mention you’ll want to change the input/output directories in the GetFile and PutFile
processors, as well as the paths to the public and secret keyring, the user ID, and the password
for the EncryptContent processors.

Andy LoPresto
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Mar 28, 2016, at 4:04 PM, Andy LoPresto <alopresto.apache@gmail.com> wrote:
> 
> Hi Alan,
> 
> I am investigating this issue (spinning up an instance, setting up a flow that involves
PGP encryption and decryption, etc.) to verify.
> 
> As an aside, the setting for “Key Derivation Function” is irrelevant if “Encryption
Algorithm” is set to “PGP” or “PGP_ASCII_ARMOR”. The KDF is required for symmetric
encryption (deriving a key from the provided password), but not used for PGP encryption/decryption
at all. Unfortunately, we cannot currently display/hide or change the required-ness of processor
properties based on the value of other properties. There is an existing Jira open [1] to enhance
this functionality. Perhaps this can be better documented in the Admin Guide [2].
> 
> Can you also provide the full stacktrace and your system configuration, if possible,
to help with the troubleshooting? Thank you.
> 
> [1] https://issues.apache.org/jira/browse/NIFI-1121 <https://issues.apache.org/jira/browse/NIFI-1121>
> [2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#encryption
<https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#encryption>
> 
> 
> Andy LoPresto
> alopresto.apache@gmail.com <mailto:alopresto.apache@gmail.com>
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
> 
>> On Mar 28, 2016, at 2:18 PM, Alan Jackoway <alanj@cloudera.com <mailto:alanj@cloudera.com>>
wrote:
>> 
>> Hello,
>> 
>> I had an EncryptContent processor running with PGP public key encryption when we
were running NiFi 0.4.x.
>> 
>> We recently went up to a 0.5.x, which includes NIFI-1257 and NIFI-1259. Now my EncryptContent
processors are failing to validate my key with an error message:
>> 'Public Keyring File' is invalid because Invalid Public Keyring File filename because
java.io.IOException: invalid header encountered
>> 
>> I tried all the key derivation functions, but in all cases I got the same error.
>> 
>> Is there an easy way to talk NiFi into using my key again?
>> 
>> I have attached a public key that works on 0.3.0 (I didn't have 0.4 on my machine
for some reason) but fails in 0.5.1. The user id is alanj@cloudera.com <mailto:alanj@cloudera.com>
>> 
>> Is there any easy fix? Should I file a jira?
>> 
>> Since it said invalid header, I tried taking out the comment at the top of the key.
That didn't work.
>> 
>> Thanks,
>> Alan
>> <TestPublicKey.asc>
> 


Mime
View raw message