CryptographicHashAttribute

Description:

Calculates a hash value for each of the specified attributes using the given algorithm and writes it to an output attribute. Please refer to https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions for help to decide which algorithm to use.

Tags:

attributes, hash, md5, sha, keccak, blake2, cryptography

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.

Display NameAPI NameDefault ValueAllowable ValuesDescription
Character Setcharacter_setUTF-8
  • US-ASCII US-ASCII
  • ISO-8859-1 ISO-8859-1
  • UTF-8 UTF-8
  • UTF-16BE UTF-16BE
  • UTF-16LE UTF-16LE
  • UTF-16 This character set normally decodes using an optional BOM at the beginning of the data but encodes by inserting a BE BOM. For hashing, it will be replaced with UTF-16BE.
The Character Set used to decode the attribute being hashed -- this applies to the incoming data encoding, not the resulting hash encoding.
Fail when no attributes presentfail_when_emptytrue
  • true
  • false
Route to failure when none of the attributes that are configured for hashing are found. If set to false, then flow files that do not contain any of the attributes that are configured for hashing will just pass through to success.
Hash Algorithmhash_algorithmSHA-256
  • MD2 MD2 (16 byte output) [WARNING -- Cryptographically broken] Cryptographically broken due to collisions
  • MD5 MD5 (16 byte output) [WARNING -- Cryptographically broken] Cryptographically broken due to collisions
  • SHA-1 SHA-1 (20 byte output) [WARNING -- Cryptographically broken] Cryptographically broken due to collisions
  • SHA-224 SHA-224 (28 byte output) SHA-2 family
  • SHA-256 SHA-256 (32 byte output) SHA-2 family
  • SHA-384 SHA-384 (48 byte output) SHA-2 family
  • SHA-512 SHA-512 (64 byte output) SHA-2 family
  • SHA-512/224 SHA-512/224 (28 byte output) SHA-2 using SHA-512 with truncated output
  • SHA-512/256 SHA-512/256 (32 byte output) SHA-2 using SHA-512 with truncated output
  • SHA3-224 SHA3-224 (28 byte output) Keccak-based SHA3 family
  • SHA3-256 SHA3-256 (32 byte output) Keccak-based SHA3 family
  • SHA3-384 SHA3-384 (48 byte output) Keccak-based SHA3 family
  • SHA3-512 SHA3-512 (64 byte output) Keccak-based SHA3 family
  • BLAKE2-160 BLAKE2-160 (20 byte output) Also known as Blake2b
  • BLAKE2-256 BLAKE2-256 (32 byte output) Also known as Blake2b
  • BLAKE2-384 BLAKE2-384 (48 byte output) Also known as Blake2b
  • BLAKE2-512 BLAKE2-512 (64 byte output) Also known as Blake2b
The cryptographic hash algorithm to use. Note that not all of the algorithms available are recommended for use (some are provided for legacy use). There are many things to consider when picking an algorithm; it is recommended to use the most secure algorithm possible.
Missing attribute policymissing_attr_policyAllow missing attributes
  • Allow missing attributes Do not route to failure if there are attributes configured for hashing that are not present in the flowfile
  • Fail if missing attributes Route to failure if there are attributes configured for hashing that are not present in the flowfile
Policy for how the processor handles attributes that are configured for hashing but are not found in the flowfile.

Dynamic Properties:

Supports Sensitive Dynamic Properties: No

Dynamic Properties allow the user to specify both the name and value of a property.

NameValueDescription
A flowfile attribute key for attribute inspectionAttribute NameThe property name defines the attribute to look for and hash in the incoming flowfile. The property value defines the name to give the generated attribute. Attribute names must be unique.
Supports Expression Language: false

Relationships:

NameDescription
successUsed for flowfiles that have a hash value added
failureUsed for flowfiles that are missing required attributes

Reads Attributes:

None specified.

Writes Attributes:

NameDescription
<Specified Attribute Name per Dynamic Property>This Processor adds an attribute whose value is the result of hashing the specified attribute. The name of this attribute is specified by the value of the dynamic property.

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

None specified.