Introduction

Extracting and decrypting encrypted logs requires the open source SECCURE ECC public key encryption toolset, released under the GNU Lesser General Public License v3 (LGPL).

Source packages and documentation can be found at: http://point-at-infinity.org/seccure/

See the installation instructions for the Python SECCURE library at:

https://github.com/bwesterb/py-seccure


Technical Specification

The Authentic8 API returns encrypted log data as a serialized JSON object. Within that object, the key “enc” carries the encrypted log data as a base64 encoded string (see the sample output below); the remaining keys are metadata about the record.

Steps


Steps to decrypt encrypted logs:

Refer to the details in Authentic8 API Log Extraction Reference Scripts for extracting encrypted logs using the Authentic8 API.

Sample output:

{
  "create_ts": 1407887060.423214,
  "enc": "Af2lb83WyDW+C/CRnOJJ0uWSknOadVSbo7qWCWKMmuBPQU3H1L62x2U+Pj0eKRPi+ImKbZEsCmi24fY08IwcKUg8bhpYv7Kon+p3U1wMPLaw8IMosPXr0Gcq2XHaNVax3nAV6hA1TpwCZa7mNbFHd3VRbgsrL9hS2f+eR2rFdoNTiXnQ2Oizy2Z2nw5rxhfWuqUmABN94yRdU0ynWgQi+ZD0v3kiJrE+nzty+DKNjXTE4es10hlFdS5VpWORn18t2rHhTsoBXKIOQN7Lqw==",
  "key_name": "SiloLogs",
  "org_id": "53c6497455f5976381426ee6fa3e0354",
  "type": "ENC"
}

The “enc” value is base64 encoded, so it must be decoded before decryption. Save the value of “enc” (the string only, without the surrounding quotes) to a file and decode it:

base64 -D -i <inputfile> -o <outputfile>

(-D is the macOS spelling of the decode option; GNU coreutils spells it -d and writes the result to standard output.)

Decrypt the decoded log data with the private key that matches the public key the logs were encrypted to:

seccure-decrypt  -c p256 -m 80 -i <inputfile> -o <outputfile> -F <private_key.txt>

Here -c p256 selects the 256-bit curve (secp256r1/nistp256), -m 80 sets the MAC length to 80 bits, and -F reads the private key from the named file. seccure-decrypt checks the MAC and reports an integrity failure when the key is wrong or the ciphertext has been altered, so treat any such warning as a failed decryption; otherwise the output file holds the decrypted log data.
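The same two steps can be done in one script with the py-seccure library linked in the introduction. The following is an added example, not Authentic8's or py-seccure's own code: it parses one API record of the shape shown above, base64-decodes the "enc" value with strict validation, reads the private key from a file (as seccure-decrypt -F does), and calls seccure.decrypt with the page's parameters (80-bit MAC, which py-seccure takes as 10 bytes). It assumes that "p256" on the page means py-seccure's curve "secp256r1/nistp256", that seccure.decrypt accepts the keyword arguments mac_bytes and curve, and that the key file holds the private key on its first line. The embedded sample record is constructed; its "enc" value is a made-up byte string, not real ciphertext, so it exercises only the parsing and decoding path.

```python
"""Decrypt an Authentic8 encrypted log record with py-seccure (added example)."""
import base64
import binascii
import json

# Assumption: the page's "-c p256" is py-seccure's "secp256r1/nistp256".
CURVE = "secp256r1/nistp256"
MAC_BITS = 80               # the page's "-m 80"
MAC_BYTES = MAC_BITS // 8   # py-seccure takes the MAC length in bytes

# Constructed sample record, same shape as the page's sample output.
# The "enc" value is NOT real ciphertext, only a placeholder blob.
SAMPLE_BLOB = b"constructed sample blob, not real ciphertext"
SAMPLE_RECORD = json.dumps({
    "create_ts": 1407887060.423214,
    "enc": base64.b64encode(SAMPLE_BLOB).decode("ascii"),
    "key_name": "SiloLogs",
    "org_id": "ORG_ID_PLACEHOLDER",
    "type": "ENC",
})


def extract_ciphertext(record_json: str) -> bytes:
    """Parse one API record and return the raw (base64-decoded) ciphertext.

    Rejects records that are not of type "ENC", values that are not strict
    base64, and blobs too short to carry the 80-bit MAC, so a bad record
    fails here instead of producing a confusing decryption error.
    """
    record = json.loads(record_json)
    if record.get("type") != "ENC":
        raise ValueError(f"record type {record.get('type')!r} is not ENC")
    enc = record.get("enc")
    if not isinstance(enc, str) or not enc:
        raise ValueError("record has no 'enc' string")
    try:
        # validate=True refuses whitespace or non-alphabet characters
        # rather than silently skipping them.
        blob = base64.b64decode(enc, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"'enc' is not valid base64: {exc}") from exc
    if len(blob) <= MAC_BYTES:
        raise ValueError(
            f"ciphertext of {len(blob)} bytes cannot hold a {MAC_BITS}-bit MAC")
    return blob


def read_private_key(path: str) -> bytes:
    """Read the SECCURE private key from its file, dropping the line ending.

    Assumption: the key is the first line of the file, as with
    seccure-decrypt -F <private_key.txt>.
    """
    with open(path, "rb") as fh:
        return fh.readline().rstrip(b"\r\n")


def decrypt_record(record_json: str, private_key_path: str) -> bytes:
    """Equivalent of the base64 and seccure-decrypt steps above."""
    import seccure  # imported lazily so the parsing helpers work without it

    blob = extract_ciphertext(record_json)
    key = read_private_key(private_key_path)
    # py-seccure raises an exception when the MAC does not verify
    # (wrong key or altered ciphertext), so no output is returned in that case.
    return seccure.decrypt(blob, key, mac_bytes=MAC_BYTES, curve=CURVE)


if __name__ == "__main__":
    import sys
    # Usage: python decrypt_log.py <private_key.txt> < record.json > log.out
    sys.stdout.buffer.write(decrypt_record(sys.stdin.read(), sys.argv[1]))
```

Feed the script one record at a time (the JSON object from the API) on standard input; the decrypted log data is written to standard output, where it can be redirected to a file just like the seccure-decrypt -o output.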



Additional Notes

Please contact Support if you have any additional questions and/or require further information.