Support Questions

Nikita_Buxy · ‎05-30-2018

Hello,

I have a usecase of PGP encryption and decryption using NiFi. While I am able to encrypt and decrpt the file if the key files are: public key(.asc) and private key (.gpg).

Whereas an error is thrown if the public and private keys both are (.gpg).

I am using individuals key file paths in nifi rather than creating a key ring.

The passphrase and key files are properly exported and imported.

It will be very helpful if some solution can be given for the mentioned problem.

Nikita_Buxy · ‎05-30-2018

cipher-error.jpg

alopresto · ‎06-02-2018

Nikita,

I believe this is an issue because if you export a public key without ASCII-armoring it (indicated by default by the extension .asc compared to .gpg), the key parsing is performed differently and thus the cipher cannot be formed. NiFi delegates the PGP key parsing to Bouncy Castle's PGPPublicKeyRingCollection class. As noted in the documentation, only a valid key ring is supported here. Is there a reason you cannot convert the single key file into a key ring (see steps here)? There is an open Jira to re-evaluate this handling, but it is not scheduled for work. The solution is to form a valid key ring file from the keys, or use the ASCII-armored public key, which works as you noted.

oruchovets · ‎06-03-2018

Hello Nikita.

I have a very similar use case. I want to use public key(.asc) and private key (.gpg). You've mentioned in the first post that you can encrypt and decrypt the content, but It doesn't work in my case.

Can you share more details on nifi encrypContent configuration and key creation?

I've got an exception:

2018-06-04 00:30:41,891 ERROR [Timer-Driven Process Thread-39] o.a.n.processors.standard.EncryptContent EncryptContent[id=104812d1-1833-14cd-e94b-2ada6cb69b98] Cannot encrypt StandardFlowFileRecord[uuid=a2c4feeb-35dc-407d-8a59-044345403950,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1528041593413-3659, container=default, section=587], offset=430110, length=1062],offset=0,name=data.json,size=1062] - : org.apache.nifi.processor.exception.ProcessException: Invalid public keyring - invalid header encountered

org.apache.nifi.processor.exception.ProcessException: Invalid public keyring - invalid header encountered

at org.apache.nifi.security.util.crypto.OpenPGPKeyBasedEncryptor$OpenPGPEncryptCallback.process(OpenPGPKeyBasedEncryptor.java:338)

at org.apache.nifi.controller.repository.StandardProcessSession.write(StandardProcessSession.java:2826)

at org.apache.nifi.processors.standard.EncryptContent.onTrigger(EncryptContent.java:506)

at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)

at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1119)

at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:147)

at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:47)

at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:128)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

encryptcontent.png

nifideveloper · ‎10-20-2021

what changes you made to remove exception "org.apache.nifi.processor.exception.ProcessException: Invalid public keyring - invalid header encountered"?

VidyaSargur · ‎10-20-2021

@nifideveloper, as this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post.

Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

saikrishna_tara · ‎08-02-2018

Hi @Nikita Buxy ,

Did you able to solve this , if so how.?

I got an .asc file and passpharse from our vendor and i am trying to use EncryptContent processor to encrypt the files.

i converted .asc to .gpg using this command , gpg --dearmor C:\SaiDEV\Backup.asc

it created a Backup.asc.gpg file and i am pointing that in private keyring file.

the EncryptContent is throwing the same error as you pointed above..

11:34:32 CDT ERROR fb10a940-0164-1000-a27b-69c298405157

EncryptContent[id=fb10a940-0164-1000-a27b-69c298405157] Cannot decrypt StandardFlowFileRecord[uuid=11dcb47f-d30d-43b8-82d3-c80f7523d8ec,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1533227197998-43, container=default, section=43], offset=385301, length=128433],offset=0,name=Test.txt,size=128433] - : org.apache.nifi.processor.exception.ProcessException: Exception creating cipher

Hi @Andy LoPresto , any help here..??

Regards,

Sai

Support Questions

NiFi EncryptContent Processor's behaviour