This Processor supports decryption using legacy formats and Password-Based Encryption Algorithms. RFC 8018 defines the Password-Based Cryptography Specification Version 2.1, including several of the supported encryption schemes described in Section 6.1 as PBES1. According to the specification, PBES1 is not recommended for new applications, and this Processor exists for the purpose of providing compatibility with historical information. The supported key derivation strategies align with implementations in OpenSSL and the Java Simplified Encryption library.
This Processor can be configured to decrypt information encrypted using the EncryptContent Processor. Successful decryption requires selecting matching algorithm and password properties.
| DecryptContentCompatibility | EncryptContent |
|---|---|
| JASYPT_STANDARD | NiFi Legacy KDF |
| OPENSSL_EVP_BYTES_TO_KEY | OpenSSL EVP_BytesToKey |
| DecryptContentCompatibility | EncryptContent |
|---|---|
| PBE_WITH_MD5_AND_AES_CBC_128 | MD5_128AES |
| PBE_WITH_MD5_AND_AES_CBC_192 | MD5_192AES |
| PBE_WITH_MD5_AND_AES_CBC_256 | MD5_256AES |
| PBE_WITH_MD5_AND_DES | MD5_DES |
| PBE_WITH_MD5_AND_RC2 | MD5_RC2 |
| PBE_WITH_SHA1_AND_AES_CBC_128 | SHA_128AES |
| PBE_WITH_SHA1_AND_AES_CBC_192 | SHA_192AES |
| PBE_WITH_SHA1_AND_AES_CBC_256 | SHA_256AES |
| PBE_WITH_SHA1_AND_DES | SHA1_DES |
| PBE_WITH_SHA1_AND_DESEDE_128 | SHA_2KEYTRIPLEDES |
| PBE_WITH_SHA1_AND_DESEDE_192 | SHA_3KEYTRIPLEDES |
| PBE_WITH_SHA1_AND_RC2 | SHA1_RC2 |
| PBE_WITH_SHA1_AND_RC2_40 | SHA_40RC2 |
| PBE_WITH_SHA1_AND_RC2_128 | SHA_128RC2 |
| PBE_WITH_SHA1_AND_RC4_40 | SHA_40RC4 |
| PBE_WITH_SHA1_AND_RC4_128 | SHA_128RC4 |
| PBE_WITH_SHA1_AND_TWOFISH | SHA_TWOFISH |
| PBE_WITH_SHA256_AND_AES_CBC_128 | SHA256_128AES |
| PBE_WITH_SHA256_AND_AES_CBC_192 | SHA256_192AES |
| PBE_WITH_SHA256_AND_AES_CBC_256 | SHA256_256AES |