
NiFi EncryptContent Processor's behaviour


New Contributor

Hello,

I have a use case of PGP encryption and decryption using NiFi. I am able to encrypt and decrypt the file if the key files are: public key (.asc) and private key (.gpg).

Whereas an error is thrown if the public and private keys are both (.gpg).

I am using individual key file paths in NiFi rather than creating a key ring.

The passphrase and key files are properly exported and imported.

It will be very helpful if some solution can be given for the mentioned problem.

4 REPLIES 4

Re: NiFi EncryptContent Processor's behaviour

New Contributor

Re: NiFi EncryptContent Processor's behaviour

Nikita,

I believe this is an issue because if you export a public key without ASCII-armoring it (indicated by default by the extension .asc compared to .gpg), the key parsing is performed differently and thus the cipher cannot be formed. NiFi delegates the PGP key parsing to Bouncy Castle's PGPPublicKeyRingCollection class. As noted in the documentation, only a valid key ring is supported here. Is there a reason you cannot convert the single key file into a key ring (see steps here)? There is an open Jira to re-evaluate this handling, but it is not scheduled for work. The solution is to form a valid key ring file from the keys, or use the ASCII-armored public key, which works as you noted.

Re: NiFi EncryptContent Processor's behaviour

Explorer

Hello Nikita.

I have a very similar use case. I want to use public key (.asc) and private key (.gpg). You've mentioned in the first post that you can encrypt and decrypt the content, but it doesn't work in my case.

Can you share more details on the NiFi EncryptContent configuration and key creation?

I've got an exception:

2018-06-04 00:30:41,891 ERROR [Timer-Driven Process Thread-39] o.a.n.processors.standard.EncryptContent EncryptContent[id=104812d1-1833-14cd-e94b-2ada6cb69b98] Cannot encrypt StandardFlowFileRecord[uuid=a2c4feeb-35dc-407d-8a59-044345403950,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1528041593413-3659, container=default, section=587], offset=430110, length=1062],offset=0,name=data.json,size=1062] - : org.apache.nifi.processor.exception.ProcessException: Invalid public keyring - invalid header encountered
org.apache.nifi.processor.exception.ProcessException: Invalid public keyring - invalid header encountered
    at org.apache.nifi.security.util.crypto.OpenPGPKeyBasedEncryptor$OpenPGPEncryptCallback.process(OpenPGPKeyBasedEncryptor.java:338)
    at org.apache.nifi.controller.repository.StandardProcessSession.write(StandardProcessSession.java:2826)
    at org.apache.nifi.processors.standard.EncryptContent.onTrigger(EncryptContent.java:506)
    at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
    at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1119)
    at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:147)
    at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:47)
    at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:128)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)


Re: NiFi EncryptContent Processor's behaviour

Super Collaborator

Hi @Nikita Buxy,

Were you able to solve this? If so, how?

I got an .asc file and passphrase from our vendor and I am trying to use the EncryptContent processor to encrypt the files.

I converted .asc to .gpg using this command: gpg --dearmor C:\SaiDEV\Backup.asc

It created a Backup.asc.gpg file and I am pointing to that in the private keyring file.

The EncryptContent is throwing the same error as you pointed out above.

11:34:32 CDT ERROR fb10a940-0164-1000-a27b-69c298405157

EncryptContent[id=fb10a940-0164-1000-a27b-69c298405157] Cannot decrypt StandardFlowFileRecord[uuid=11dcb47f-d30d-43b8-82d3-c80f7523d8ec,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1533227197998-43, container=default, section=43], offset=385301, length=128433],offset=0,name=Test.txt,size=128433] - : org.apache.nifi.processor.exception.ProcessException: Exception creating cipher

Hi @Andy LoPresto, any help here?

Regards,

Sai
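
An added example, not part of any post in this thread and not NiFi or Bouncy Castle code: a Python check that reports whether a key file is ASCII-armored or binary and which OpenPGP packet type it starts with (packet headers and tags per RFC 4880), so a file can be inspected before it is configured as a public or private keyring. The function names and the stub byte strings are constructed for illustration; the stubs are not real keys.

```python
import base64
import sys

# OpenPGP packet tags that can open a key file (RFC 4880, section 4.3)
TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}

def dearmor(data: bytes) -> bytes:
    """Return the binary payload of the first ASCII-armored block."""
    state, body = "pre", []
    for line in data.decode("ascii", "replace").splitlines():
        line = line.strip()
        if state == "pre" and line.startswith("-----BEGIN PGP "):
            state = "headers"
        elif state == "headers" and line == "":
            state = "body"  # a blank line ends the armor headers
        elif state == "body":
            if line.startswith("=") or line.startswith("-----END PGP "):
                break  # CRC24 checksum line or end marker
            body.append(line)
    return base64.b64decode("".join(body))

def classify(data: bytes) -> dict:
    """Report the encoding and the first packet type of a key file."""
    armored = data.lstrip().startswith(b"-----BEGIN PGP ")
    raw = dearmor(data) if armored else data
    # Bit 7 of the first octet is always set in an OpenPGP packet header.
    if not raw or not raw[0] & 0x80:
        return {"armored": armored, "packet": "not an OpenPGP packet"}
    first = raw[0]
    # Bit 6 selects new format (6-bit tag) or old format (4-bit tag).
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return {"armored": armored, "packet": TAGS.get(tag, f"tag {tag}")}

# Constructed stubs (header plus one filler byte), NOT real keys.
STUB_PUB = bytes([0x99, 0x00, 0x01, 0x04])  # old format, tag 6
STUB_SEC = bytes([0x95, 0x00, 0x01, 0x04])  # old format, tag 5
ARMORED_PUB = (
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: constructed\n\n"
    + base64.b64encode(STUB_PUB)
    + b"\n-----END PGP PUBLIC KEY BLOCK-----\n"
)

if __name__ == "__main__":
    # Usage: python check_key.py <key file> [<key file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

`gpg --dearmor` only changes the encoding, so the `packet` value is the same before and after conversion; a file that reports `public key` does not become a secret key by being dearmored.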