Key Derivation Functions
Key Derivation Functions (KDFs) are mechanisms by which human-readable information, usually a password or other secret information, is translated into a cryptographic key suitable for data protection. For further information, read the Wikipedia entry on key derivation functions: https://en.wikipedia.org/wiki/Key_derivation_function.

Currently, KDFs are ingested by CipherProvider implementations and return a fully-initialized Cipher object to be used for encryption or decryption. Due to the use of a CipherProviderFactory, the KDFs are not customizable at this time. Future enhancements will include the ability to provide custom cost parameters to the KDF at initialization time. As a work-around, CipherProvider instances can be initialized with custom cost parameters in the constructor, but this is not currently supported by the CipherProviderFactory.

If you do not have a need for a specific KDF, Argon2 is recommended as it is a robust, secure, performant, and user-friendly default and is widely supported on multiple platforms.

Here are the KDFs currently supported by NiFi (primarily in the EncryptContent processor for password-based encryption (PBE)) and relevant notes: