[ https://issues.apache.org/jira/browse/LOG4J2-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17202932#comment-17202932 ]

Matt Sicker commented on LOG4J2-2930:
-------------------------------------

Right; I don't plan on implementing all these scenarios. I'm exploring the
problem space to see what API surface is needed. I'm also interested from a
cryptography nerd standpoint, as designing or implementing cryptosystems is
fun yet uncommonly needed, so I will have a fairly interesting sample
implementation to go with the API updates. This should also help figure out
if this belongs as a special type of Layout that encapsulates another Layout
or a separate API entirely.

> Add plugin for encrypting/decrypting log events
> -----------------------------------------------
>
>                 Key: LOG4J2-2930
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2930
>             Project: Log4j 2
>          Issue Type: New Feature
>          Components: Appenders, Core, Receivers
>    Affects Versions: 2.13.3
>            Reporter: Matt Sicker
>            Priority: Major
>
> Some of the existing appenders write log events to sophisticated systems
> which support encrypting said data at rest and in transit (e.g., storing
> events in an encrypted SQL database using a TLS connection, writing data to
> an encrypted filesystem or disk, etc.). However, not every system supported in
> Log4j provides a feature or ability to encrypt and decrypt data natively.
> There is a small collection of ad hoc cryptographic operations in Log4j
> (e.g., {{SslConfiguration}}, {{KeyStoreConfiguration}},
> {{SecretKeyProvider}}, etc.) which should be refactored and extended to allow
> for more flexibility in key management and message encryption/decryption.
> This will allow appenders and receivers that wish to support encryption to do
> so much more easily. This should also allow for more sophisticated use of
> cryptography such as adding message digests or authentication tags to log
> messages to help prevent tampering and add authenticity.
>
> Related resources:
> * https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
> * https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
> * https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html#protection

--
This message was sent by Atlassian Jira
(v8.3.4#803005)