While this approach makes it easier to add new algorithms, it isn't going to do
anything to reduce the load on the maintainers.
Is there any way to duplicate the existing functionality with openssl or gnutls
libraries?
Given that some people prefer openssl and some prefer gnutls, I think that we
will need to make the new option work with both.
David Lang
On Tue, 16 Apr 2024, Attila Lakatos via rsyslog wrote:
One approach that comes to my mind is to create a brand new provider using
e.g. openssl. Provide a new configure option to build that. If the new crypto
provider is turned on, then it will be used. Otherwise, if --enable-libgcrypt
was passed to configure, then libgcrypt will be used.
For logs decryption, the rscryutils binary will be compiled based on what
configure option was passed to it.
This ensures that the default behavior is not changed and also we can
add/remove/change CLI options for the rscryutils prog.
I am open to any suggestions :)
On Mon, Apr 15, 2024 at 12:09 PM Rainer Gerhards <rgerha...@hq.adiscon.com>
wrote:
Sounds good to me, as long as everything is backwards-compatible ;-)
Else we need to discuss pro and con (I guess there are a lot of pro!)
Rainer
On Mon, 15 Apr 2024 at 11:55, Attila Lakatos via rsyslog
(<rsyslog@lists.adiscon.com>) wrote:
>
> Hello,
>
> Currently, log messages written to files can undergo encryption using the
> libgcrypt cryptographic library [1]. This works fine, logs can be encoded
> and successfully decoded but I think the library has some drawbacks:
>
> - algorithms are hardcoded, if someone would want to use something else,
>   then they would need to request it first
> - the same applies to the algorithm mode
> - If I am not mistaken, the libgcrypt library is part of rsyslog only
>   for this purpose -> adds extra dependency that maintainers need to cover
>
> I would like to ask if there is any chance that a new crypto provider will
> be part of the project in the future? For example openssl (or gnutls) could
> provide the same functionality and it could reduce the amount of
> dependencies the project currently has. I would gladly craft a patch or two.
> What do you think?
>
> [1] https://www.rsyslog.com/doc/configuration/cryprov_gcry.html
>
> Attila
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.