On 4/10/2013 12:53 PM, dav74 wrote:
Hi,
I am looking for a solution for "live" encryption of data flow to a file.
Actually i am able to encrypt a file using :
openssl smime -binary -encrypt -aes256 -in proxy.log -out proxy.log.enc
certificate-file.crt
While in theory the smime/cms/pkcs#7 encryption forward could be
implemented without loading the whole file into memory, the format
stores important information after the end of data, which could make
it very difficult to decrypt if logging is interrupted, e.g. by a
machine crash, a kill -9 or a disk full.
If you don't mind using a fixed encryption key (as opposed to a
public key based solution where the decryption key is not on the
serve), you might have better luck with the "openssl enc" command.
What i want to do is live crypt all the data coming to proxy.log file.
syslog-ng as a functionnality called program() which do nothing more than
sending each log lines to a file (through a "|").
How coul i use the previous command for live data encryption ? do i need to
change cipher type ?
FYI i have already tried to use /dev/stdin as source filename, but it doesn
t do live encryption... openssl store the data in memory until the file is
closed...
Kind regards,
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
