David Handermann created NIFI-7905:
--------------------------------------
Summary: MergeContent should support password-protected Zip
archives
Key: NIFI-7905
URL: https://issues.apache.org/jira/browse/NIFI-7905
Project: Apache NiFi
Issue Type: Improvement
Components: Extensions
Reporter: David Handermann
Assignee: David Handermann
MergeContent should be improved to support creation of password-protected Zip
files. NIFI-7777 introduced support of decrypting password-protected Zip files
using [Zip4j|http://www.lingala.net/zip4j.html] and the same library can be
leveraged to support password-based encryption using either ZipCrypto Standard
encryption or AES encryption.
Following the [Zip File Format
Specification|https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT]
Appendix E, Zip4J supports AES-CTR with key lengths of either 128 or 256, and
uses HMAC-SHA1 for PBKDF2. [WinZip|http://www.winzip.com/aes_info.htm]
describes the implementation in more detail under the heading of AE-1 and AE-2
specifications. The Zip4j implementation also appears to limit passwords to
ISO-8859-1 characters, which should be checked during property validation.
ZipCrypto has [known security
flaws|https://en.wikipedia.org/wiki/Zip_(file_format)#Encryption], which should
be at least mentioned in the property description.
The implementation should introduce new optional properties for Encryption
Password and Encryption Method, listing ZipCrypto, AES-128-CTR and AES-256-CTR
as options. The implementation should also write Flow File attributes
indicating the cryptographic algorithm used.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
