Hi everyone, I'm Emmanuel Katto from Dubai, United Arab Emirates (UAE) working on decrypting data using AES-128 in CTR mode in Apache NiFi, and I could really use some help or suggestions on how to configure it correctly. Here's what I've done so far:
Local Setup (Node.js)
- Text to Decrypt:
c6 c7 4b 49 0d cf 5c 20 87 0a e0 cd c4 a7 bf 94 d8
- Key:
3E 9B 26 FE 46 4F 6D 2D 2F 69 5D 87 8A 07 93 74
- Initialization Vector (IV):
2d 2c 83 42 00 74 1b 16 20 c0 7d 13 20 00 00 00
- Correct Decryption Result:
14 25 79 ed a8 ff a7 00 00 e5 03 00 00 be 03 00 00
In my Node.js setup, this works perfectly, and I can decrypt the content using AES-128 CTR with no padding.
NiFi Setup (DecryptContent Processor)
I am trying to achieve the same decryption in Apache NiFi using the DecryptContent processor. I’ve configured it as follows:
- Cipher Algorithm Mode: CTR
- Cipher Algorithm Padding: NoPadding
- Key Specification Format: RAW
For the incoming FlowFile content, I’ve set it to:
c6c74b490dcf5c20870ae0cdc4a7bf94d84E69466949562d2c834200741b1620c07d1320000000
However, I get an error: "Wrong IV length: must be 16 bytes long". This error suggests that NiFi is interpreting the content as a normal string and not as HEX values.
My Questions:
- How do I correctly provide the IV and encrypted content in HEX format to the DecryptContent processor?
- Is there any configuration I’ve missed to specify the content as HEX?
- Is the IV delimiter (4E6946694956) necessary in this case, or should I be providing the IV as part of the content differently?
Would appreciate any guidance or suggestions from anyone who has worked with AES decryption in NiFi using CTR mode. Thanks in advance!
Regards
Emmanuel Katto