[ https://issues.apache.org/jira/browse/LOG4J2-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17202929#comment-17202929 ]
Ralph Goers commented on LOG4J2-2930:
-------------------------------------
Remember, I don't care about the actual implementation. What matters is that
we have a plugin that can be attached to the appropriate places. Each
implementation of the plugin could be configured with different parameters -
after all, that is what our plugin system allows. I personally wouldn't get too
fancy regarding an implementation we provide unless you feel like doing it for
the heck of it.
> Add plugin for encrypting/decrypting log events
> -----------------------------------------------
>
> Key: LOG4J2-2930
> URL: https://issues.apache.org/jira/browse/LOG4J2-2930
> Project: Log4j 2
> Issue Type: New Feature
> Components: Appenders, Core, Receivers
> Affects Versions: 2.13.3
> Reporter: Matt Sicker
> Priority: Major
>
> Some of the existing appenders write log events to sophisticated systems
> which support encrypting said data at rest and in transit (e.g., storing
> events in an encrypted SQL database using a TLS connection, writing data to
> an encrypted filesystem or disk, etc.). However, not every system supported in
> Log4j provides a feature or ability to encrypt and decrypt data natively.
> There is a small collection of ad hoc cryptographic operations in Log4j
> (e.g., {{SslConfiguration}}, {{KeyStoreConfiguration}},
> {{SecretKeyProvider}}, etc.) which should be refactored and extended to allow
> for more flexibility in key management and message encryption/decryption.
> This will allow appenders and receivers that wish to support encryption to do
> so much more easily. This should also allow for more sophisticated use of
> cryptography such as adding message digests or authentication tags to log
> messages to help prevent tampering and add authenticity.
> Related resources:
> * https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
> * https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
> * https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html#protection