* Encrypted logs with forward secrecy
From: Jason Holt @ 2003-05-06 5:22 UTC
To: reiserfs-list
I felt the need to code on Saturday, so I wrote up this toy we discovered at
DISCEX and posted it to sci.crypt. Hans suggested that it might work nicely
as a reiserfs4 plugin.

The idea isn't original - Bruce Schneier published these a few years ago, but
mine is apparently the first public implementation:

http://www.counterpane.com/secure-logs.html
http://www.counterpane.com/auditlog2.html

He also has a patent on it, but said he's willing to let it be used with a
GPLed implementation.

-J

=============

Does anyone know of another package that does this? The idea is to
generate a random file key, encrypt it with an auditor's public key
and ship it to the auditor. Then you use it to encrypt lines of a log
file. After each line, you hash the file key, throw away the old one,
and append a MAC.

That way, even if somebody roots your box, they can't read any lines
of the file already written or modify the log. They can /delete/ the
log, but can't change already-written lines undetected.

So here's a quick-and-dirty implementation. It uses MDCs instead of a
proper HMAC, and of course wastes lots of space. Comments?

-J

[jason@erg] ~/.gnupg$ gpg --gen-key
gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.

[blah blah blah...]

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: logcrypt
Email address:
Comment:
You selected this USER-ID:
    "logcrypt"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

[blah blah blah...]

[At this point, you should take the secret key off site...]

[jason@erg] ~/work/logcrypt$ cat >log
foo
bar
baz

[As soon as this starts running, put a copy of filekey somewhere safe...]
[jason@erg] ~/work/logcrypt$ ./logcrypt.pl <log >safe_log 2>/dev/null
Reading passphrase from file descriptor 0
Reading passphrase from file descriptor 0
Reading passphrase from file descriptor 0

[jason@erg] ~/work/logcrypt$ ./readlog.pl <safe_log

You need a passphrase to unlock the secret key for
user: "logcrypt"
2048-bit ELG-E key, ID C17F42D7, created 2003-05-03 (main key ID EEC68977)

Reading passphrase from file descriptor 0
gpg: AES encrypted data
foo
Reading passphrase from file descriptor 0
gpg: AES encrypted data
bar
Reading passphrase from file descriptor 0
gpg: AES encrypted data
baz
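
================================Code for logcrypt.pl:

#!/usr/bin/perl

# (c) 2003 Jason E. Holt
# Released into the public domain
# Encrypt log files with forward secrecy
# Once a line of the file is written, even root can't read it or
# change it without detection.  (Assuming that filekey gets recorded
# somewhere safe.)

use strict;
use warnings;
use Digest::MD5 qw(md5_hex);    # core module; md5_hex() returns the same
                                # hex digest as the legacy MD5->hexhash()

my $recipient = "logcrypt";     # Name of GPG public key holder

# Seed the initial file key from 16 random bytes.
open(RANDOM, "</dev/urandom") or die "Couldn't open /dev/urandom: $!";
my $filekey;
my $got = sysread(RANDOM, $filekey, 16, 0);
die "Couldn't read 16 bytes from /dev/urandom"
    unless defined $got && $got == 16;
close RANDOM;

$filekey = md5_hex($filekey);

# Encrypt the initial file key to the auditor's public key.
open(SAVEFILEKEY, "| gpg -r $recipient -q -e -o filekey")
    or die "Couldn't open pipe to gpg: $!";

# Just symmetrically encrypt the log key.
#open(SAVEFILEKEY, "| gpg -c -o filekey")
#    or die "Couldn't open pipe to gpg: $!";

print SAVEFILEKEY $filekey;
close SAVEFILEKEY;

while(<>) {
    # One armored, MDC-protected message per log line. gpg reads the
    # current file key as the passphrase (first line), then the log line.
    open(GPG,
        "|gpg -q --cipher-algo AES --passphrase-fd 0 -a -c --force-mdc -o -")
        or die "Couldn't open gpg: $!";

    print GPG $filekey, "\n";
    print GPG $_;
    close GPG;      # finish this message before starting the next one

    # Replace the key with its hash; the old key is not kept anywhere.
    $filekey = md5_hex($filekey);
}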
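
==================================== Code for readlog.pl

#!/usr/bin/perl

# (c) 2003 Jason E. Holt
# Released into the public domain
# Read log files written with logcrypt.pl

use strict;
use warnings;
use Digest::MD5 qw(md5_hex);    # core module; same hex digest as the
                                # legacy MD5->hexhash()

# Decrypt the initial file key with the auditor's secret key.
open(FILEKEY, "gpg -q -o - filekey |") or die "Couldn't open file key: $!";
my $filekey = join('', <FILEKEY>);
close FILEKEY;

my @lines;
while(<>) {
    push @lines, $_;
    if(/-----END PGP MESSAGE-----/) {
        # A complete armored message: decrypt it with the current key.
        open(GPG, "| gpg -q --passphrase-fd 0 -o -")
            or die "Couldn't open gpg: $!";

        print GPG $filekey, "\n";
        print GPG join('', @lines);
        close GPG;
        @lines = ();

        # Step the key forward exactly as logcrypt.pl did.
        $filekey = md5_hex($filekey);
    }
}
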
^ permalink raw reply [flat|nested] 4+ messages in thread
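
An added example, not part of the original post and not Jason Holt's code: the same hash-and-discard key schedule in Python, using the per-record HMAC that the post says its MDCs stand in for. SHA-256, the HMAC counter keystream used in place of AES, and every function name here are assumptions of this example.

```python
import hashlib
import hmac
import os

def derive(key, label):
    # Independent sub-keys for encryption and MAC from one epoch key.
    return hmac.new(key, label, hashlib.sha256).digest()

def next_key(key):
    # One-way ratchet: the previous key cannot be computed from the result.
    return hashlib.sha256(b"ratchet" + key).digest()

def keystream_xor(key, data):
    # Stand-in cipher (assumption); sound only because a key seals one record.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, line):
    # Encrypt-then-MAC one record under the current epoch key.
    ct = keystream_xor(derive(key, b"enc"), line)
    return ct, hmac.new(derive(key, b"mac"), ct, hashlib.sha256).digest()

class LogWriter:
    def __init__(self, initial_key):
        self.key = initial_key          # the auditor already holds a copy
        self.records = []

    def append(self, line):
        self.records.append(seal(self.key, line))
        self.key = next_key(self.key)   # old key is overwritten, not kept

def audit(initial_key, records):
    # Auditor: replay the ratchet from the escrowed key. Returns the lines
    # that verified and the index of the first bad record (None if clean).
    key, lines = initial_key, []
    for i, (ct, tag) in enumerate(records):
        want = hmac.new(derive(key, b"mac"), ct, hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):
            return lines, i
        lines.append(keystream_xor(derive(key, b"enc"), ct))
        key = next_key(key)
    return lines, None

def demo():
    k0 = os.urandom(32)
    w = LogWriter(k0)
    for line in (b"foo\n", b"bar\n", b"baz\n"):   # sample lines from the post
        w.append(line)
    clean = audit(k0, w.records)
    # Constructed tamper case: record 1 re-sealed with the key left on the host.
    tampered = list(w.records)
    tampered[1] = seal(w.key, b"BAR\n")
    return clean, audit(k0, tampered)

if __name__ == "__main__":
    print(demo())
```

The chain detects changed records but not records dropped from the end, which matches the post's point that the log can still be deleted.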
* Re: Encrypted logs with forward secrecy
From: Hans Reiser @ 2003-05-06 10:31 UTC
To: Jason Holt; +Cc: reiserfs-list, Edward Shishkin
Edward, please discuss with him making a reiser4 plugin out of it.
Hans
--
Hans
* Re: Encrypted logs with forward secrecy
From: Edward Shushkin @ 2003-05-06 10:58 UTC
To: Hans Reiser; +Cc: Jason Holt, reiserfs-list
Hans Reiser wrote:
>
> Edward, please discuss with him making a reiser4 plugin out of it.
OK, just let me understand the details.
Edward.
* Re: Encrypted logs with forward secrecy
From: Edward Shushkin @ 2003-05-07 9:54 UTC
To: Hans Reiser; +Cc: Jason Holt, reiserfs-list
Hans Reiser wrote:
>
> Edward, please discuss with him making a reiser4 plugin out of it.
>
> Hans
>
> Jason Holt wrote:
>
> >I felt the need to code on Saturday, so I wrote up this toy we discovered at
> >DISCEX and posted it to sci.crypt. Hans suggested that it might work nicely
> >as a reiserfs4 plugin.
> >
> >The idea isn't original - Bruce Schneier published these a few years ago, but
> >mine is apparently the first public implementation:
> >
> >http://www.counterpane.com/secure-logs.html
> >http://www.counterpane.com/auditlog2.html
Well, it is a good idea not to keep a key in memory that would reveal
everything. I guess the write method should create the appropriate signatures
and update the current key, and the read method should contain the
authentication process and call the permission plugin.
Edward.