I am creating a client side application which needs to create a log of the user activity but for various reasons this log must not be human readable.
Currently for my development I am creating a plain text log which looks something like this:
12/03/2009 08:34:21 -> User 'Bob' logged in
12/03/2009 08:34:28 -> Navigated to config page
12/03/2009 08:34:32 -> Option x changed to y
When I deploy my application, the log must not be in plain text, so all text must be encrypted. This doesn't appear to be straightforward to achieve as I need the log file to dynamically update as each entry is added.
The approach I was thinking about was to create a binary file, encrypt each log entry in isolation and then append it to the binary file with some suitable demarcation between each entry.
Does anyone know of any common approaches to this problem, I'm sure there has to be a better solution!
Encrypt logs with logrotate and peacemakr-cli log and place it in /var/log. To start rotating the newly added log, we need to modify the configuration file /etc/logrotate. conf.
Compress your CSV file to a zip folder, and them encrypt that folder. Using Windows, you can navigate to the properties of the zipped folder, select "Advanced" and then check the box to encrypt the contents. You will then be prompted to add the password of your choice.
Don't encrypt individual log entries separately and write them to a file as suggested by other posters, because an attacker would easily be able to identify patterns in the log file. See the block cipher modes Wikipedia entry to learn more about this problem.
Instead, make sure that the encryption of a log entry depends on the previous log entries. Although this has some drawbacks (you cannot decrypt individual log entries as you always need to decrypt the entire file), it makes the encryption a lot stronger. For our own logging library, SmartInspect, we use AES encryption and the CBC mode to avoid the pattern problem. Feel free to give SmartInspect a try if a commercial solution would be suitable.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With