Hi team,
I'm trying to set up AES decryption in Apache NiFi using the DecryptContent processor for an encryption process based on AES-128 CTR mode. I've successfully implemented AES decryption locally with Node.js, but I’m running into some trouble replicating it in NiFi.
Here are the details of the encryption setup:
- Encrypted Text: c6 c7 4b 49 0d cf 5c 20 87 0a e0 cd c4 a7 bf 94 d8
- Key: 3E 9B 26 FE 46 4F 6D 2D 2F 69 5D 87 8A 07 93 74
- IV: 2d 2c 83 42 00 74 1b 16 20 c0 7d 13 20 00 00 00
- Correct Result: 14 25 79 ed a8 ff a7 00 00 e5 03 00 00 be 03 00 00
I've confirmed that my key and IV are correct. I’m using AES-128, CTR mode, and NoPadding for the encryption. The issue arises when I try to decrypt using NiFi’s DecryptContent processor. Here's what I've tried so far:
-
Cipher Algorithm Mode: Set to CTR
-
Cipher Algorithm Padding: Set to NoPadding
-
Key Specification Format: Set to RAW
-
For the incoming FlowFile content, I've set it as:
c6c74b490dcf5c20870ae0cdc4a7bf94d84E69466949562d2c834200741b1620c07d1320000000
-
(I also experimented with adding 4E6946694956 as the NiFi IV delimiter.)
Despite these settings, I get the following error:
"Wrong IV length: must be 16 bytes long"
It seems like NiFi is interpreting the data as a regular string rather than HEX, which may be the source of the issue.
I have appreciate any suggestions or insights from the team:
- Is there a specific way to input HEX data into NiFi to ensure the IV and content are correctly processed?
- Should I be formatting the data differently, or is there a setting in the DecryptContent processor I might have missed?
- Are there any additional configuration steps or pitfalls I should be aware of when dealing with AES decryption in CTR mode within NiFi?
Thanks in advance for your help!
Best regards,
Emmanuel Katto