From 09e54c1dad09a6b91d5e9a08ee53de42afa56c53 Mon Sep 17 00:00:00 2001
From: exceptionfactory
Date: Tue, 4 May 2021 09:58:25 -0500
Subject: [PATCH] NIFI-8246 Set NIFI_PBKDF2_AES_GCM_256 as default properties encryption algorithm

Signed-off-by: Pierre Villard
This closes #5055.
---
 nifi-docs/src/main/asciidoc/administration-guide.adoc | 2 +-
 nifi-docs/src/main/asciidoc/toolkit-guide.adoc | 4 ++--
 .../nifi-framework/nifi-resources/pom.xml | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 54d33a2ec2..e973125328 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -3571,7 +3571,7 @@ These properties pertain to various security features in NiFi. Many of these pro
 |====
 |*Property*|*Description*
 |`nifi.sensitive.props.key`|This is the password used to encrypt any sensitive property values that are configured in processors. By default, it is blank, but the system administrator should provide a value for it. It can be a string of any length, although the recommended minimum length is 10 characters. Be aware that once this password is set and one or more sensitive processor properties have been configured, this password should not be changed.
-|`nifi.sensitive.props.algorithm`|The algorithm used to encrypt sensitive properties. The default value is `PBEWITHMD5AND256BITAES-CBC-OPENSSL`.
+|`nifi.sensitive.props.algorithm`|The algorithm used to encrypt sensitive properties. The default value is `NIFI_PBKDF2_AES_GCM_256`.
 |`nifi.sensitive.props.provider`|The sensitive property provider. The default value is `BC`.
 |`nifi.sensitive.props.additional.keys`|The comma separated list of properties in _nifi.properties_ to encrypt in addition to the default sensitive properties (see <>).
 |`nifi.security.autoreload.enabled`|Specifies whether the SSL context factory should be automatically reloaded if updates to the keystore and truststore are detected. By default, it is set to `false`.
diff --git a/nifi-docs/src/main/asciidoc/toolkit-guide.adoc b/nifi-docs/src/main/asciidoc/toolkit-guide.adoc
index 240664882d..9627bda715 100644
--- a/nifi-docs/src/main/asciidoc/toolkit-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/toolkit-guide.adoc
@@ -475,7 +475,7 @@ As an example of how the tool works, assume that you have installed the tool on
 ----
 # security properties #
 nifi.sensitive.props.key=thisIsABadSensitiveKeyPassword
-nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
+nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256
 nifi.sensitive.props.provider=BC
 nifi.sensitive.props.additional.keys=
@@ -504,7 +504,7 @@ As a result, the _nifi.properties_ file is overwritten with protected properties
 # security properties #
 nifi.sensitive.props.key=n2z+tTTbHuZ4V4V2||uWhdasyDXD4ZG2lMAes/vqh6u4vaz4xgL4aEbF4Y/dXevqk3ulRcOwf1vc4RDQ==
 nifi.sensitive.props.key.protected=aes/gcm/256
-nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
+nifi.sensitive.props.algorithm=NIFI_PBKDF2_AES_GCM_256
 nifi.sensitive.props.provider=BC
 nifi.sensitive.props.additional.keys=
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
index 29831d510b..0ed7074353 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
@@ -88,7 +88,7 @@ ./work/docs/components - PBEWITHMD5AND256BITAES-CBC-OPENSSL + NIFI_PBKDF2_AES_GCM_256 BC
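Review bot: The new build default in nifi-resources/pom.xml ships without an upgrade caveat, and the two values are not interchangeable: sensitive values written under `PBEWITHMD5AND256BITAES-CBC-OPENSSL` use a different key derivation and cipher mode and will not decrypt if an existing instance picks up `NIFI_PBKDF2_AES_GCM_256` from a regenerated nifi.properties. The patch shows only the default and the two guides changing, so whether upgraded installs keep their configured algorithm is presumably left to the operator carrying over the old file. I would add a sentence to the `nifi.sensitive.props.algorithm` row in administration-guide.adoc, for example `Changing this value on an existing installation requires re-encrypting the sensitive values in the flow; an instance upgraded from an earlier release must keep its previous setting until that is done.` The element tags of the pom.xml hunk are not visible on this page, so the neighbouring properties could not be checked.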