Google Git
Sign in
apache / nifi-site / 4352249274e0fe8b1c27f77ba398cd1594c4a12f / . / docs / nifi-docs / components / org.apache.nifi / nifi-standard-nar / 1.19.1 / org.apache.nifi.processors.standard.EncryptContent / index.html
blob: e9d731877b9ca19f4a4578f424e53c9df936af45 [file] [log] [blame]
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>EncryptContent</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">EncryptContent</h1><h2>Description: </h2><p>Encrypts or Decrypts a FlowFile using either symmetric encryption with a raw key or password and randomly generated salt, or asymmetric encryption using a public and secret key.</p><p><a href="additionalDetails.html">Additional Details...</a></p><h3>Tags: </h3><p>encryption, decryption, password, JCE, KDF, Argon2, Bcrypt, Scrypt, PBKDF2, salt, iv</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the <a href="../../../../../html/expression-language-guide.html">NiFi Expression Language</a>.</p><table id="properties"><tr><th>Display Name</th><th>API Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Mode</strong></td><td>Mode</td><td id="default-value">Encrypt</td><td id="allowable-values"><ul><li>Encrypt</li><li>Decrypt</li></ul></td><td id="description">Specifies whether the content should be encrypted or decrypted</td></tr><tr><td id="name"><strong>Key Derivation Function</strong></td><td>key-derivation-function</td><td id="default-value">None</td><td id="allowable-values"><ul><li>None <img src="../../../../../html/images/iconInfo.png" alt="The cipher is given a raw key conforming to the algorithm specifications" title="The cipher is given a raw key conforming to the algorithm specifications"></img></li><li>NiFi Legacy KDF <img src="../../../../../html/images/iconInfo.png" alt="MD5 @ 1000 iterations" title="MD5 @ 1000 iterations"></img></li><li>OpenSSL EVP_BytesToKey <img src="../../../../../html/images/iconInfo.png" alt="Single iteration MD5 compatible with PKCS#5 v1.5" title="Single iteration MD5 compatible with PKCS#5 v1.5"></img></li><li>Bcrypt <img src="../../../../../html/images/iconInfo.png" alt="Bcrypt with configurable work factor. See Admin Guide" title="Bcrypt with configurable work factor. See Admin Guide"></img></li><li>Scrypt <img src="../../../../../html/images/iconInfo.png" alt="Scrypt with configurable cost parameters. See Admin Guide" title="Scrypt with configurable cost parameters. See Admin Guide"></img></li><li>PBKDF2 <img src="../../../../../html/images/iconInfo.png" alt="PBKDF2 with configurable hash function and iteration count. See Admin Guide" title="PBKDF2 with configurable hash function and iteration count. See Admin Guide"></img></li><li>Argon2 <img src="../../../../../html/images/iconInfo.png" alt="Argon2 with configurable cost parameters. See Admin Guide." title="Argon2 with configurable cost parameters. See Admin Guide."></img></li></ul></td><td id="description">Specifies the key derivation function to generate the key from the password (and salt)</td></tr><tr><td id="name"><strong>Encryption Algorithm</strong></td><td>Encryption Algorithm</td><td id="default-value">AES_GCM</td><td id="allowable-values"><ul><li>MD5_128AES <img src="../../../../../html/images/iconInfo.png" alt="org.apache.nifi.security.util.EncryptionMethod@4377ed24[Algorithm name=PBEWITHMD5AND128BITAES-CBC-OPENSSL,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="org.apache.nifi.security.util.EncryptionMethod@4377ed24[Algorithm name=PBEWITHMD5AND128BITAES-CBC-OPENSSL,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>MD5_192AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHMD5AND192BITAES-CBC-OPENSSL,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHMD5AND192BITAES-CBC-OPENSSL,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>MD5_256AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHMD5AND256BITAES-CBC-OPENSSL,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHMD5AND256BITAES-CBC-OPENSSL,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>MD5_DES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHMD5ANDDES,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHMD5ANDDES,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>MD5_RC2 <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHMD5ANDRC2,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHMD5ANDRC2,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA1_RC2 <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHA1ANDRC2,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHA1ANDRC2,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA1_DES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHA1ANDDES,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHA1ANDDES,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_128AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND128BITAES-CBC-BC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND128BITAES-CBC-BC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_192AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND192BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND192BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_256AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND256BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND256BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_40RC2 <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND40BITRC2-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND40BITRC2-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_128RC2 <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND128BITRC2-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND128BITRC2-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_40RC4 <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND40BITRC4,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND40BITRC4,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_128RC4 <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND128BITRC4,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND128BITRC4,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA256_128AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHA256AND128BITAES-CBC-BC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHA256AND128BITAES-CBC-BC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA256_192AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHA256AND192BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHA256AND192BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA256_256AES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHA256AND256BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHA256AND256BITAES-CBC-BC,Requires unlimited strength JCE policy=true,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_2KEYTRIPLEDES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND2-KEYTRIPLEDES-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND2-KEYTRIPLEDES-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_3KEYTRIPLEDES <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAAND3-KEYTRIPLEDES-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAAND3-KEYTRIPLEDES-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>SHA_TWOFISH <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PBEWITHSHAANDTWOFISH-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PBEWITHSHAANDTWOFISH-CBC,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>PGP <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PGP,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PGP,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>PGP_ASCII_ARMOR <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=PGP-ASCII-ARMOR,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]" title="EncryptionMethod[Algorithm name=PGP-ASCII-ARMOR,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=false,Keyed cipher=false]"></img></li><li>AES_CBC_NO_PADDING <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=AES/CBC/NoPadding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]" title="EncryptionMethod[Algorithm name=AES/CBC/NoPadding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]"></img></li><li>AES_CBC <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=AES/CBC/PKCS7Padding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]" title="EncryptionMethod[Algorithm name=AES/CBC/PKCS7Padding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]"></img></li><li>AES_CTR <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=AES/CTR/NoPadding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]" title="EncryptionMethod[Algorithm name=AES/CTR/NoPadding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]"></img></li><li>AES_GCM <img src="../../../../../html/images/iconInfo.png" alt="EncryptionMethod[Algorithm name=AES/GCM/NoPadding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]" title="EncryptionMethod[Algorithm name=AES/GCM/NoPadding,Requires unlimited strength JCE policy=false,Algorithm Provider=BC,Compatible with strong KDFs=true,Keyed cipher=true]"></img></li></ul></td><td id="description">The Encryption Algorithm to use</td></tr><tr><td id="name"><strong>Allow insecure cryptographic modes</strong></td><td>allow-weak-crypto</td><td id="default-value">Not Allowed</td><td id="allowable-values"><ul><li>Allowed <img src="../../../../../html/images/iconInfo.png" alt="Operation will not be blocked and no alerts will be presented when unsafe combinations of encryption algorithms and passwords are provided" title="Operation will not be blocked and no alerts will be presented when unsafe combinations of encryption algorithms and passwords are provided"></img></li><li>Not Allowed <img src="../../../../../html/images/iconInfo.png" alt="When set, operation will be blocked and alerts will be presented to the user if unsafe combinations of encryption algorithms and passwords are provided on a JVM with limited strength crypto. To fix this, see the Admin Guide." title="When set, operation will be blocked and alerts will be presented to the user if unsafe combinations of encryption algorithms and passwords are provided on a JVM with limited strength crypto. To fix this, see the Admin Guide."></img></li></ul></td><td id="description">Overrides the default behavior to prevent unsafe combinations of encryption algorithms and short passwords on JVMs with limited strength cryptographic jurisdiction policies</td></tr><tr><td id="name">Password</td><td>Password</td><td></td><td id="allowable-values"></td><td id="description">The Password to use for encrypting or decrypting the data<br/><strong>Sensitive Property: true</strong></td></tr><tr><td id="name">Raw Key (hexadecimal)</td><td>raw-key-hex</td><td></td><td id="allowable-values"></td><td id="description">In keyed encryption, this is the raw key, encoded in hexadecimal<br/><strong>Sensitive Property: true</strong></td></tr><tr><td id="name">Public Keyring File</td><td>public-keyring-file</td><td></td><td id="allowable-values"></td><td id="description">In a PGP encrypt mode, this keyring contains the public key of the recipient</td></tr><tr><td id="name">Public Key User Id</td><td>public-key-user-id</td><td></td><td id="allowable-values"></td><td id="description">In a PGP encrypt mode, this user id of the recipient</td></tr><tr><td id="name">Private Keyring File</td><td>private-keyring-file</td><td></td><td id="allowable-values"></td><td id="description">In a PGP decrypt mode, this keyring contains the private key of the recipient</td></tr><tr><td id="name">Private Keyring Passphrase</td><td>private-keyring-passphrase</td><td></td><td id="allowable-values"></td><td id="description">In a PGP decrypt mode, this is the private keyring passphrase<br/><strong>Sensitive Property: true</strong><br/><strong>Supports Expression Language: true (will be evaluated using variable registry only)</strong></td></tr><tr><td id="name">PGP Symmetric Cipher</td><td>pgp-symmetric-cipher</td><td id="default-value">AES_128</td><td id="allowable-values"><ul><li>IDEA</li><li>TRIPLE_DES</li><li>CAST5</li><li>BLOWFISH</li><li>DES</li><li>AES_128</li><li>AES_192</li><li>AES_256</li><li>TWOFISH</li><li>CAMELLIA_128</li><li>CAMELLIA_192</li><li>CAMELLIA_256</li></ul></td><td id="description">When using PGP encryption, this is the symmetric cipher to be used. This property is ignored if Encryption Algorithm is not PGP or PGP-ASCII-ARMOR
Note that the provided cipher is only used duringthe encryption phase, while it is inferred from the ciphertext in the decryption phase</td></tr></table><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>Any FlowFile that is successfully encrypted or decrypted will be routed to success</td></tr><tr><td>failure</td><td>Any FlowFile that cannot be encrypted or decrypted will be routed to failure</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3><table id="writes-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>encryptcontent.action</td><td>"encrypted" or "decrypted" depending on the processor action</td></tr><tr><td>encryptcontent.algorithm</td><td>The algorithm used for the cryptographic operation</td></tr><tr><td>encryptcontent.cipher_text_length</td><td>The cipher text length in bytes (including IV, salt, and delimiters if present). Determined from incoming content in decrypt mode; outgoing content in encrypt mode</td></tr><tr><td>encryptcontent.iv</td><td>The Initialization Vector in hex encoding (if present)</td></tr><tr><td>encryptcontent.iv_length</td><td>The IV length in bytes</td></tr><tr><td>encryptcontent.kdf</td><td>The Key Derivation Function used if Password-Based Encryption was enabled. See Admin Guide - Key Derivation Functions</td></tr><tr><td>encryptcontent.kdf_salt</td><td>The KDF-specific salt including algorithm and cost parameters (if present). See Admin Guide - Key Derivation Functions</td></tr><tr><td>encryptcontent.kdf_salt_length</td><td>The KDF salt length in bytes</td></tr><tr><td>encryptcontent.pbkdf2_iterations</td><td>The number of iterations used in PBKDF2 KDF (if present). PBKDF2 does not encode the cost parameter in a custom salt</td></tr><tr><td>encryptcontent.plaintext_length</td><td>The plaintext length in bytes. Determined from incoming content in encrypt mode; outgoing content in decrypt mode</td></tr><tr><td>encryptcontent.salt</td><td>The raw salt in hex encoding (if present)</td></tr><tr><td>encryptcontent.salt_length</td><td>The raw salt length in bytes</td></tr><tr><td>encryptcontent.timestamp</td><td>The timestamp at which the cryptographic operation occurred in 'yyyy-MM-dd HH:mm:ss.SSS Z' format</td></tr></table><h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component requires an incoming relationship.<h3>System Resource Considerations:</h3><table id="system-resource-considerations"><tr><th>Resource</th><th>Description</th></tr><tr><td>CPU</td><td>An instance of this component can cause high usage of this system resource. Multiple instances or high concurrency settings may result a degradation of performance.</td></tr></table></body></html>