Support Questions

Nikita,

I believe this is an issue because if you export a public key without ASCII-armoring it (indicated by default by the extension .asc compared to .gpg), the key parsing is performed differently and thus the cipher cannot be formed. NiFi delegates the PGP key parsing to Bouncy Castle's PGPPublicKeyRingCollection class. As noted in the documentation, only a valid key ring is supported here. Is there a reason you cannot convert the single key file into a key ring (see steps here)? There is an open Jira to re-evaluate this handling, but it is not scheduled for work. The solution is to form a valid key ring file from the keys, or use the ASCII-armored public key, which works as you noted.

Hello Nikita.

I have a very similar use case. I want to use public key(.asc) and private key (.gpg). You've mentioned in the first post that you can encrypt and decrypt the content, but It doesn't work in my case.

Can you share more details on nifi encrypContent configuration and key creation?

I've got an exception:

2018-06-04 00:30:41,891 ERROR [Timer-Driven Process Thread-39] o.a.n.processors.standard.EncryptContent EncryptContent[id=104812d1-1833-14cd-e94b-2ada6cb69b98] Cannot encrypt StandardFlowFileRecord[uuid=a2c4feeb-35dc-407d-8a59-044345403950,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1528041593413-3659, container=default, section=587], offset=430110, length=1062],offset=0,name=data.json,size=1062] - : org.apache.nifi.processor.exception.ProcessException: Invalid public keyring - invalid header encountered

org.apache.nifi.processor.exception.ProcessException: Invalid public keyring - invalid header encountered

at org.apache.nifi.security.util.crypto.OpenPGPKeyBasedEncryptor$OpenPGPEncryptCallback.process(OpenPGPKeyBasedEncryptor.java:338)

at org.apache.nifi.controller.repository.StandardProcessSession.write(StandardProcessSession.java:2826)

at org.apache.nifi.processors.standard.EncryptContent.onTrigger(EncryptContent.java:506)

at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)

at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1119)

at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:147)

at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:47)

at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:128)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

Hi @Nikita Buxy ,

Did you able to solve this , if so how.?

I got an .asc file and passpharse from our vendor and i am trying to use EncryptContent processor to encrypt the files.

i converted .asc to .gpg using this command , gpg --dearmor C:\SaiDEV\Backup.asc

it created a Backup.asc.gpg file and i am pointing that in private keyring file.

the EncryptContent is throwing the same error as you pointed above..

11:34:32 CDT ERROR fb10a940-0164-1000-a27b-69c298405157

EncryptContent[id=fb10a940-0164-1000-a27b-69c298405157] Cannot decrypt StandardFlowFileRecord[uuid=11dcb47f-d30d-43b8-82d3-c80f7523d8ec,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1533227197998-43, container=default, section=43], offset=385301, length=128433],offset=0,name=Test.txt,size=128433] - : org.apache.nifi.processor.exception.ProcessException: Exception creating cipher

Hi @Andy LoPresto , any help here..??

Regards,

Sai