Description:
Encrypts or Decrypts a FlowFile using either symmetric encryption with a password and randomly generated salt, or asymmetric encryption using a public and secret key.
Tags:
encryption, decryption, password, JCE, OpenPGP, PGP, GPG
Properties:
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property is considered “sensitive”, meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the nifi.properties file has an entry for the property nifi.sensitive.props.key.
| Name | Default Value | Allowable Values | Description |
| Mode | Encrypt |
* Encrypt * Decrypt |
Specifies whether the content should be encrypted or decrypted |
| Key Derivation Function | BCRYPT |
* NiFi Legacy KDF  *OpenSSL EVP_BytesToKey * Bcrypt * Scrypt * PBKDF2 * None |
Specifies the key derivation function to generate the key from the password (and salt) |
| Encryption Algorithm | MD5_128AES |
* MD5_128AES * MD5_192AES * MD5_256AES * MD5_DES * MD5_RC2 * SHA1_RC2 * SHA1_DES * SHA_128AES * SHA_192AES * SHA_256AES * SHA_40RC2 * SHA_128RC2 * SHA_40RC4 * SHA_128RC4 * SHA256_128AES * SHA256_192AES *SHA256_256AES *SHA_2KEYTRIPLEDES * SHA_3KEYTRIPLEDES *SHA_TWOFISH * PGP *PGP_ASCII_ARMOR * AES_CBC * AES_CTR * AES_GCM |
The Encryption Algorithm to use |
| Allow insecure cryptographic modes | not-allowed |
* Allowed *Not Allowed |
Overrides the default behavior to prevent unsafe combinations of encryption algorithms and short passwords on JVMs with limited strength cryptographic jurisdiction policies |
| Password |
The Password to use for encrypting or decrypting the data Sensitive Property: true |
||
| Raw Key (hexadecimal) |
In keyed encryption, this is the raw key, encoded in hexadecimal Sensitive Property: true |
||
| Public Keyring File | In a PGP encrypt mode, this keyring contains the public key of the recipient | ||
| Public Key User Id | In a PGP encrypt mode, this user id of the recipient | ||
| Private Keyring File | In a PGP decrypt mode, this keyring contains the private key of the recipient | ||
| Private Keyring Passphrase |
In a PGP decrypt mode, this is the private keyring passphrase Sensitive Property: true |
Relationships:
| Name | Description |
| failure | Any FlowFile that cannot be encrypted or decrypted will be routed to failure |
| success | Any FlowFile that is successfully encrypted or decrypted will be routed to success |
Reads Attributes:
None specified.
Writes Attributes:
None specified
NOTE
This processor supports OpenPGP algorithms that are compatible with third party programs. However, it currently cannot add a digital signature to an encrypted FlowFile.