Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Encrypt and Decrypt files using EncryptContentPGP and DecryptContentPGP in NiFi

avatar
author-rank ckumar author-rank
Master Collaborator

Created on ‎08-11-2025 09:05 PM - edited on ‎08-13-2025 01:55 AM by Community Manager Community Manager

This article provides detailed steps about Encrypting and Decrypting files using the Pretty Good Privacy (PGP)  algorithm in NiFi

Steps involve :

  1. Setting up GPG private key and Public key
  2. Creating NiFi flow 

Setting up GPG private key and Public key

  • Set up the GPG home directory 
    export GNUPGHOME=/tmp/gnupg​
  • Generate a private and public key  with a user ID
    gpg --full-generate-key
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: TestXYZ
Email address: test@example.com
Comment:
You selected this USER-ID:
"TestXYZ <test@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
  • There will be a prompt to enter a passphrase, which will be used later in the configurationScreenshot 2025-08-11 at 8.13.26 PM.png
  • There will be 4 files created under /tmp/gnupgScreenshot 2025-08-11 at 8.09.52 PM.png
  • Create a public and private keyring file in ASCII format Screenshot 2025-08-11 at 8.09.52 PM.png
  • For the public keyring file, run the following command
    gpg --export --armor --output testexample.gpg.pub test@example.com
  • For the Private keyring file, run the following command 
    gpg --export-secret-keys --armor --output testexample.gpg.asc test@example.com
  • We would have two new files created under /tmp/gnupgScreenshot 2025-08-11 at 8.16.15 PM.png

Creating NiFi flow

At this point, all set to create flow design using EncryptContentPGP and DecryptContentPGP, which use controller services StandardPGPPublicKeyService and StandardPGPPrivateKeyService 

  • EncryptContentPGP configured with StandardPGPPublicKeyServiceScreenshot 2025-08-11 at 8.50.59 PM.pngScreenshot 2025-08-11 at 8.51.28 PM.png
  • DecryptContentPGP with StandardPGPPrivateKeyService Screenshot 2025-08-11 at 8.54.09 PM.png
    Note: In StandardPGPPrivateKeyService passphrase needs to be entered, which was set while running the gpg --full-generate-key command Screenshot 2025-08-11 at 8.55.01 PM.png
  • Snapshot from working flow tested with .csv and .xlsx files Screenshot 2025-08-11 at 7.39.14 PM.png 

 

2,633 Views
0 Kudos
Announcements
Community Announcements
August 2025 Community Highlights
Community Announcements
July 2025 Community Highlights
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
Join Us at CommunityOverCode Asia 2025: Exploring the Future...
What's New @ Cloudera
Announcing Cloudera Surveyor with Cloudera Streams Messaging...
View More Announcements
Version history
Last update:
‎08-13-2025 01:55 AM
Updated by:
Community Manager Community Manager
Contributors