Extracting and decrypting encrypted logs requires the open source SECCURE ECC public key encryption toolset under the GNU Lesser General Public License v3 (LGPL).  

Source packages and documentation can be found at: http://point-at-infinity.org/seccure/

See the installation instructions for the Python SECCURE library at:
https://github.com/bwesterb/py-seccure

The Authentic8 API returns encrypted log data as a serialized JSON object.  The encrypted log data is returned as a key-value pair with “enc” as the key and the encrypted, base64 encoded log data as the value.

Steps to decrypt encrypted logs:

  1. Refer to the details in Authentic8 API Log Extraction Reference Scripts for extracting encrypted logs using the Authentic8 API.

     Sample output:

     {
       "create_ts": 1407887060.423214,
       "enc": "Af2lb83WyDW+C/CRnOJJ0uWSknOadVSbo7qWCWKMmuBPQU3H1L62x2U+Pj0eKRPi+ImKbZEsCmi24fY08IwcKUg8bhpYv7Kon+p3U1wMPLaw8IMosPXr0Gcq2XHaNVax3nAV6hA1TpwCZa7mNbFHd3VRbgsrL9hS2f+eR2rFdoNTiXnQ2Oizy2Z2nw5rxhfWuqUmABN94yRdU0ynWgQi+ZD0v3kiJrE+nzty+DKNjXTE4es10hlFdS5VpWORn18t2rHhTsoBXKIOQN7Lqw==",
       "key_name": "SiloLogs",
       "org_id": "53c6497455f5976381426ee6fa3e0354",
       "type": "ENC"
     }

  2. The output is base64 encoded, so the “enc” value needs to be decoded before decryption:

     base64 -D -i <inputfile> -o <outputfile>

  3. Decrypt the encrypted log data using your private key:

     seccure-decrypt -c p256 -m 80 -i <inputfile> -o <outputfile> -F <private_key.txt>
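The three steps above, carried out in Python with the py-seccure library instead of the command-line tools. This is an added example, not Authentic8's or SECCURE's own code; it embeds the sample record from above as test input, and it assumes py-seccure's documented `seccure.decrypt(ciphertext, passphrase, curve=..., mac_bytes=...)` interface, where the passphrase is the private key material that `seccure-decrypt -F` reads from the key file.

```python
import base64
import binascii
import json

# Parameters matching the seccure-decrypt invocation above:
# "-c p256" selects the curve, "-m 80" is the MAC length in bits (10 bytes).
CURVE = "p256"
MAC_BYTES = 80 // 8

# The sample record from the API output above, embedded here as test input.
SAMPLE_RECORD = """{
"create_ts": 1407887060.423214,
"enc": "Af2lb83WyDW+C/CRnOJJ0uWSknOadVSbo7qWCWKMmuBPQU3H1L62x2U+Pj0eKRPi+ImKbZEsCmi24fY08IwcKUg8bhpYv7Kon+p3U1wMPLaw8IMosPXr0Gcq2XHaNVax3nAV6hA1TpwCZa7mNbFHd3VRbgsrL9hS2f+eR2rFdoNTiXnQ2Oizy2Z2nw5rxhfWuqUmABN94yRdU0ynWgQi+ZD0v3kiJrE+nzty+DKNjXTE4es10hlFdS5VpWORn18t2rHhTsoBXKIOQN7Lqw==",
"key_name": "SiloLogs",
"org_id": "53c6497455f5976381426ee6fa3e0354",
"type": "ENC"
}"""


def extract_ciphertext(record_json):
    """Parse one API log record and return the raw seccure ciphertext.

    Rejects records not marked "ENC", malformed base64, and payloads too
    short to even carry the MAC, so a truncated download is reported here
    rather than surfacing as an opaque decryption failure later.
    """
    record = json.loads(record_json)
    if record.get("type") != "ENC" or not isinstance(record.get("enc"), str):
        raise ValueError("record is not an encrypted log entry")
    try:
        ciphertext = base64.b64decode(record["enc"], validate=True)
    except binascii.Error as exc:
        raise ValueError("'enc' is not valid base64: %s" % exc) from exc
    if len(ciphertext) <= MAC_BYTES:
        raise ValueError("ciphertext too short to carry a %d-byte MAC" % MAC_BYTES)
    return ciphertext


def decrypt_record(record_json, passphrase):
    """Decrypt one record with py-seccure (pip install seccure).

    'passphrase' is the private key, as bytes, that seccure-decrypt reads
    from the -F <private_key.txt> file. py-seccure raises
    seccure.IntegrityError when the MAC does not verify, i.e. the wrong key
    was used or the ciphertext was altered in transit.
    """
    import seccure  # imported lazily so extract_ciphertext() runs without it
    ciphertext = extract_ciphertext(record_json)
    return seccure.decrypt(ciphertext, passphrase, curve=CURVE, mac_bytes=MAC_BYTES)
```

Note that the `base64 -D -i ... -o ...` form in step 2 is the macOS syntax; GNU coreutils `base64` decodes with `-d` and reads standard input. Either way the command expects a file holding only the “enc” value, which is why the example parses the JSON first.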