NiFi CSFLE implementation with AWS KMS

Contributor

Hi Team, I am trying to implement the CSFLE logic using the AWS KMS service. I am using the ScriptedTransformRecord processor with a Groovy script. For testing purposes, I have used a sample encryption key, which was created by openssl, and tested the script; it is working fine. However, I would like to use AWS KMS for the encryption keys. Is there a way to interact with KMS to get the key?

Here is my flow: image.png

1 REPLY

Contributor

My Groovy script:

import javax.crypto.Cipher
import javax.crypto.spec.SecretKeySpec
import java.util.Base64

// Define the AES encryption key
String encryptionKey = "6ef552ae5333c9abb682e1f5221b1bdc"

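// Ensure the key string is 32 characters long. Because the string is converted
// with getBytes("UTF-8") below, this yields a 32-byte (256-bit) key, i.e. AES-256.
if (encryptionKey.length() != 32) {
    throw new IllegalArgumentException("Encryption key must be 32 characters long (32 UTF-8 bytes, AES-256).")
}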

// Convert the key to a SecretKeySpec
SecretKeySpec aesKey = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES")

// Initialize the Cipher for AES/ECB/PKCS5Padding
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding")
cipher.init(Cipher.ENCRYPT_MODE, aesKey)

// Retrieve the input data to encrypt
String inputData = record.getValue("name") // Replace "name" with your actual field name
byte[] encryptedData = cipher.doFinal(inputData.getBytes("UTF-8"))

// Encode the encrypted data to Base64
String encryptedBase64 = Base64.getEncoder().encodeToString(encryptedData)

// Set the encrypted value back into the record
record.setValue("name", encryptedBase64)

// Return the updated record
return record
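
One way to take the key from AWS KMS instead of a hardcoded string, as an added example that is not part of the original posts: the script asks KMS for a data key (GenerateDataKey), encrypts the field locally, and stores the KMS-wrapped key next to the ciphertext. It swaps in AES-GCM with a random IV in place of the AES/ECB mode used in the script above. Assumptions: the AWS SDK for Java v2 KMS jars are on the processor's module path, credentials come from the SDK default provider chain, and the key alias, region and envelope layout are placeholders chosen for this example.

```groovy
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.nio.ByteBuffer
import java.security.SecureRandom
import software.amazon.awssdk.regions.Region
import software.amazon.awssdk.services.kms.KmsClient
import software.amazon.awssdk.services.kms.model.DataKeySpec
import software.amazon.awssdk.services.kms.model.GenerateDataKeyRequest

String kmsKeyId = "alias/EXAMPLE-csfle-key"   // placeholder: your KMS key id, ARN or alias
String region   = "us-east-1"                 // placeholder region

def value = record.getValue("name")           // same field as in the script above
if (value == null) return record              // nothing to encrypt, skip the KMS call

// Ask KMS for a fresh 256-bit data key: plaintext copy for local use,
// ciphertextBlob is the same key wrapped under the KMS key.
byte[] plaintextKey
byte[] wrappedKey
KmsClient kms = KmsClient.builder().region(Region.of(region)).build()
try {
    def resp = kms.generateDataKey(GenerateDataKeyRequest.builder()
            .keyId(kmsKeyId).keySpec(DataKeySpec.AES_256).build())
    plaintextKey = resp.plaintext().asByteArray()
    wrappedKey   = resp.ciphertextBlob().asByteArray()
} finally {
    kms.close()
}

try {
    byte[] iv = new byte[12]                  // 96-bit random IV, unique per encryption
    new SecureRandom().nextBytes(iv)
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(plaintextKey, "AES"),
            new GCMParameterSpec(128, iv))
    byte[] ct = cipher.doFinal(value.toString().getBytes("UTF-8"))
    // Example envelope: 2-byte wrapped-key length | wrapped key | IV | ciphertext+tag
    ByteBuffer buf = ByteBuffer.allocate(2 + wrappedKey.length + iv.length + ct.length)
    buf.putShort((short) wrappedKey.length).put(wrappedKey).put(iv).put(ct)
    record.setValue("name", Base64.getEncoder().encodeToString(buf.array()))
} finally {
    Arrays.fill(plaintextKey, (byte) 0)       // do not keep the plaintext key in memory
}
return record
```

The reader of the field splits the envelope, sends the wrapped key to KMS Decrypt to recover the data key, and then decrypts with the stored IV. Because this script runs once per record, a production flow would normally reuse one data key for a bounded number of records rather than call KMS each time.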