Tags • Cryptography
Back to The Future with PEM Certificates in Apache NiFi
Apache NiFi 2.1.0 introduced support for PEM-encoded certificate and private key files in both framework configuration and extension components. The Privacy-Enhanced Mail format is almost forty years old, serving as a common structure for representing security material despite multiple layers of encoding. Bringing PEM support to Apache NiFi expands configuration options, lowering the barrier of integration with certificate management services.
Between Now and Later: FIPS Compliance and Java Support for Ed25519
The National Institute of Standards and Technology published FIPS 186-5 as the Digital Signature Standard in February 2023. The standard included the Edwards-curve Digital Signature Algorithm with Curve25519 as one of several supported options for cryptographic signing. As of February 2025, however, multiple Java Security Providers do not include Ed25519 among algorithms compliant with FIPS, requiring alternative algorithm configuration or runtime feature detection as implemented in Apache NiFi 2.2.0.
Introducing Jagged for age Encryption in Java
Jagged is a set of Java libraries supporting the age encryption specification. Designed as a simple and modern file encryption standard, age builds on trusted cryptographic algorithms and provides a concise structure for formatting header and payload information. Jagged provides a modular implementation to enable application integration for automated or interactive use cases.
SSHJ Key Authentication Formats
SSHJ is a Java library supporting SSH and SFTP client operations. As the SSH protocol has evolved to support multiple authentication strategies, SSHJ has adapted to support a variety of formats and algorithms for public key authentication. Based on an extensible design, SSHJ is capable of loading and using keys from a number of different source formats.
Enabling Apache NiFi Support for OpenPGP Signatures
Apache NiFi 1.15.0 incorporates new processors for signing and verifying OpenPGP messages. SignContentPGP and VerifyContentPGP provide enhanced security for OpenPGP processing, supporting cryptographic signature handling as a standalone operation or in conjunction with encryption.