Matt Sicker created LOG4J2-2930:
-----------------------------------
Summary: Add plugin for encrypting/decrypting log events
Key: LOG4J2-2930
URL: https://issues.apache.org/jira/browse/LOG4J2-2930
Project: Log4j 2
Issue Type: New Feature
Components: Appenders, Core, Receivers
Affects Versions: 2.13.3
Reporter: Matt Sicker
Some of the existing appenders write log events to sophisticated systems which
support encrypting said data at rest and in transit (e.g., storing events in an
encrypted SQL database using a TLS connection, writing data to an encrypted
filesystem or disk, etc.). However, not every system supported in Log4j provides
a feature or ability to encrypt and decrypt data natively. There is a small
collection of ad hoc cryptographic operations in Log4j (e.g.,
{{SslConfiguration}}, {{KeyStoreConfiguration}}, {{SecretKeyProvider}}, etc.)
which should be refactored and extended to allow for more flexibility in key
management and message encryption/decryption. This will allow appenders and
receivers that wish to support encryption to do so much more easily. This
should also allow for more sophisticated use of cryptography such as adding
message digests or authentication tags to log messages to help prevent
tampering and add authenticity.
Related resources:
* https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
* https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
* https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html#protection
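The kind of authenticated encryption the issue describes, shown with the JDK's standard `javax.crypto` API as an added example (not code from the issue or from Log4j). The class name `LogEventSealer`, the `IV || ciphertext || tag` record layout, and the sample logger name and event are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

// Hypothetical helper, not a Log4j class: seals one formatted log event with AES-256-GCM.
public final class LogEventSealer {
    private static final int IV_LEN = 12;    // 96-bit nonce, the recommended size for GCM
    private static final int TAG_BITS = 128; // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    // Output layout (an assumption of this example): IV || ciphertext || tag.
    static byte[] seal(SecretKey key, byte[] aad, String event) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh nonce per event; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(aad); // authenticated but not encrypted (here: the logger name)
        byte[] ct = c.doFinal(event.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    static String open(SecretKey key, byte[] aad, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, sealed, 0, IV_LEN));
        c.updateAAD(aad);
        // doFinal throws AEADBadTagException if the ciphertext, tag, IV or AAD was altered
        return new String(c.doFinal(sealed, IV_LEN, sealed.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // demo only; real keys come from a key store or KMS
        byte[] aad = "com.example.Audit".getBytes(StandardCharsets.UTF_8); // constructed logger name
        byte[] sealed = seal(key, aad, "INFO user=alice action=login"); // constructed event
        System.out.println(open(key, aad, sealed));
        sealed[sealed.length - 1] ^= 0x01; // simulate tampering with the stored record
        try {
            open(key, aad, sealed);
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: record rejected");
        }
    }
}
```

The GCM tag covers both the ciphertext and the associated data, so a single primitive supplies the confidentiality and the tamper evidence the description asks for.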