From aadbbd1aa8866d4b8e9efbb863ff157f4a9cdf48 Mon Sep 17 00:00:00 2001 From: Andrew Lim Date: Wed, 24 Aug 2016 12:46:14 -0700 Subject: [PATCH] NIFI-2451 Incorporated Drew's final comments to Admin Guide. --- .../src/main/asciidoc/administration-guide.adoc | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index 4dc22c74bc..7994e61ff6 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc 
@@ -984,13 +984,13 @@ The `encrypt-config` command line tool (invoked as `./bin/encrypt-config.sh` or The default encryption algorithm utilized is AES/GCM 128/256-bit. 128-bit is used if the JCE Unlimited Strength Cryptographic Jurisdiction Policy files are not installed, and 256-bit is used if they are installed. -You can use the following command line options with the encrypt-config tool: +You can use the following command line options with the `encrypt-config` tool: * `-b,--bootstrapConf ` The bootstrap.conf file to persist master key * `-h,--help` Prints this usage message * `-k,--key ` The raw hexadecimal key to use to encrypt the sensitive properties (the key can be entered with spaces or '-' delimiters to assist manual entry -- these will be ignored) -* `-n,--niFiProperties ` The nifi.properties file containing unprotected config values (will be overwritten by default unless `-o` is provided) -* `-o,--outputNiFiProperties ` The destination nifi.properties file containing protected config values (will not modify input nifi.properties) +* `-n,--niFiProperties ` The 'nifi.properties' file containing unprotected config values (will be overwritten by default unless `-o` is provided) +* `-o,--outputNiFiProperties ` The destination 'nifi.properties' file containing protected config values (will not modify input 'nifi.properties') * `-p,--password ` The password from which to derive the key to use to encrypt the sensitive properties * `-r,--useRawKey` If provided, the secure console will prompt for the raw key value in hexadecimal form * `-v,--verbose` Sets verbose mode (default false) 
@@ -1058,19 +1058,18 @@ If the 'nifi.properties' file already has valid protected values, those property Password Key Derivation ~~~~~~~~~~~~~~~~~~~~~~~ -Instead of providing a 32 or 64 character raw hexadecimal key, the user can provide a password from which the key will be derived. As of 1.0.0, the password must be at least 12 characters, and the key will be derived using `SCrypt` with the parameters: +Instead of providing a 32 or 64 character raw hexadecimal key, you can provide a password from which the key will be derived. As of 1.0.0, the password must be at least 12 characters, and the key will be derived using `SCrypt` with the parameters: * `pw` -- the password bytes in `UTF-8` -* `salt` -- the fixed salt value (`NIFI_SCRYPT_SALT`) bytes in `UTF-8` _see note below_ +* `salt` -- the fixed salt value (`NIFI_SCRYPT_SALT`) bytes in `UTF-8` * `N` -- 2^16^ * `r` -- 8 * `p` -- 1 * `dkLen` -- determined by the JCE policies available -These values are determined to be strong for this threat model in August 2016 but may change in future versions. +As of August 2016, these values are determined to be strong for this threat model but may change in future versions. -_Note:_ -While fixed salts are counter to best practices, a static salt is necessary for deterministic key derivation without additional storage of the salt value. +NOTE: While fixed salts are counter to best practices, a static salt is necessary for deterministic key derivation without additional storage of the salt value. [[encrypt-config_secure_prompt]] Secure Prompt
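Review bot: In the options list of the first hunk (@@ -984), the `-n` and `-o` entries now write 'nifi.properties' in single quotes, but the `-b` entry still has a bare bootstrap.conf; quote it the same way so file names are styled consistently within one list. Separately, the `-k` and `-p` entries describe passing the raw key or the password as a command-line argument, where the value can end up in shell history and process listings. A sentence steering readers to the secure console prompt described for `-r` would make the safer path obvious.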
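Review bot: In the second hunk (@@ -1058), the `salt` bullet loses its "_see note below_" pointer, and the NOTE it pointed to gives only the reason for the fixed salt, not the consequence. With `NIFI_SCRYPT_SALT` fixed, the same password derives the same key on every installation, so the strength of the password is the only thing protecting the derived key. Suggest stating that in the NOTE and recommending a unique, high-entropy password (or a raw key instead). Two smaller points: the `dkLen` bullet says "determined by the JCE policies available" where it could give the actual lengths, which the earlier AES/GCM sentence implies are 128 or 256 bits, and "are determined to be strong" would read better as "are considered strong".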