
Creating an encrypted log file

I am creating a client side application which needs to create a log of the user activity but for various reasons this log must not be human readable.

Currently for my development I am creating a plain text log which looks something like this:

12/03/2009 08:34:21 -> User 'Bob' logged in
12/03/2009 08:34:28 -> Navigated to config page
12/03/2009 08:34:32 -> Option x changed to y

When I deploy my application, the log must not be in plain text, so all text must be encrypted. This doesn't appear to be straightforward to achieve as I need the log file to dynamically update as each entry is added.

The approach I was thinking about was to create a binary file, encrypt each log entry in isolation and then append it to the binary file with some suitable demarcation between each entry.

Does anyone know of any common approaches to this problem? I'm sure there has to be a better solution!

JamieH asked Mar 10 '09 11:03



1 Answer

Don't encrypt individual log entries separately and write them to a file as suggested by other posters, because an attacker would easily be able to identify patterns in the log file. See the block cipher modes Wikipedia entry to learn more about this problem.

[Images: Original | Encrypted using ECB mode | Encrypted using other modes]

Instead, make sure that the encryption of a log entry depends on the previous log entries. Although this has some drawbacks (you cannot decrypt individual log entries as you always need to decrypt the entire file), it makes the encryption a lot stronger. For our own logging library, SmartInspect, we use AES encryption and the CBC mode to avoid the pattern problem. Feel free to give SmartInspect a try if a commercial solution would be suitable.

Dennis G. answered Oct 22 '22 03:10
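The pattern problem and the chaining approach from the answer above, as an added example in Node.js (not part of the original answer and not SmartInspect's code). The record framing (2-byte length prefix, zero padding), the random 16-byte IV header, the AES-128 key size and all function names are assumptions made here.

```javascript
// Added example: not the answer's or SmartInspect's code; framing and names are assumptions.
const nodeCrypto = require("node:crypto");
const BLOCK = 16; // AES block size in bytes

// Frame an entry as 2-byte length + UTF-8 text, zero-padded to a whole number of blocks.
function frame(entry) {
  const text = Buffer.from(entry, "utf8");
  if (text.length > 0xffff) throw new RangeError("entry too long for 2-byte length");
  const out = Buffer.alloc(Math.ceil((2 + text.length) / BLOCK) * BLOCK);
  out.writeUInt16BE(text.length, 0);
  text.copy(out, 2);
  return out;
}

function encryptBlocks(mode, key, iv, plain) {
  const c = nodeCrypto.createCipheriv(mode, key, iv);
  c.setAutoPadding(false); // frame() already padded
  return Buffer.concat([c.update(plain), c.final()]);
}

// Weak form: each entry encrypted in isolation (ECB), so equal plaintext blocks
// always produce equal ciphertext blocks.
function encryptIsolated(key, entry) {
  return encryptBlocks("aes-128-ecb", key, null, frame(entry));
}

// Chained form: the file is one CBC stream. `log` holds the file so far (random IV
// header + earlier records); the new record's IV is the last block already written.
function appendChained(key, log, entry) {
  if (log.length === 0) log = nodeCrypto.randomBytes(BLOCK);
  const iv = log.subarray(log.length - BLOCK);
  return Buffer.concat([log, encryptBlocks("aes-128-cbc", key, iv, frame(entry))]);
}

// Decrypt the stream from the IV header onward and split it back into entries.
function readChained(key, log) {
  if (log.length === 0) return [];
  const d = nodeCrypto.createDecipheriv("aes-128-cbc", key, log.subarray(0, BLOCK));
  d.setAutoPadding(false);
  const plain = Buffer.concat([d.update(log.subarray(BLOCK)), d.final()]);
  const entries = [];
  for (let off = 0; off < plain.length; ) {
    const len = plain.readUInt16BE(off);
    entries.push(plain.toString("utf8", off + 2, off + 2 + len));
    off += Math.ceil((2 + len) / BLOCK) * BLOCK;
  }
  return entries;
}
```

CBC chaining hides repeated entries but does not detect tampering or truncation of the file; that needs a MAC over the log in addition.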