One approach that comes to my mind is to create a brand new provider using e.g. openssl. Provide a new configure option to build that. If the new crypto provider is turned on, then it will be used. Otherwise, if --enable-libgcrypt was passed to configure, then libgcrypt will be used. For logs decryption, the rscryutils binary will be compiled based on what configure option was passed to it. This ensures that the default behavior is not changed and also we can add/remove/change CLI options for the rscryutils prog. I am open to any suggestions :)
On Mon, Apr 15, 2024 at 12:09 PM Rainer Gerhards <rgerha...@hq.adiscon.com> wrote: > Sound good to me, as long as everything is backwards-compatible ;-) > > Else we need to discuss pro and con (I guess there a lot of pro!) > > Rainer > > El lun, 15 abr 2024 a las 11:55, Attila Lakatos via rsyslog > (<rsyslog@lists.adiscon.com>) escribió: > > > > > Hello, > > > > Currently, log messages written to files can undergo encryption using the > > libgcrypt cryptographic library [1]. This works fine, logs can be encoded > > and successfully decoded but I think the library has some drawbacks: > > > > - algorithms are hardcoded, if someone would want to use something > else, > > then they would need to request it first > > - the same applies to the algorithm mode > > - If I am not mistaken, the libgcrypt library is part of rsyslog only > > for this purpose -> adds extra dependency that maintainers need to > cover > > > > I would like to ask if there is any chance that a new crypto provider > will > > be part of the project in the future? For example openssl (or gnutls) > could > > provide the same functionality and it could reduce the amount of > > dependencies the project currently has. I would gladly craft a patch or > two. > > What do you think? > > > > [1] https://www.rsyslog.com/doc/configuration/cryprov_gcry.html > > > > Attila > > _______________________________________________ > > rsyslog mailing list > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > > _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
