Skip to content

Encrypt capture #52

New issue
New issue
Open
Open
Encrypt capture#52
Labels
needs: configIndicates the issue requires changes in the config file/flagsneeds: docsIndicates that the issue needs documentation updatesscope: captureAnything related to captures
@rabbitstack

Description

@rabbitstack
rabbitstack
opened on Mar 1, 2021

Description

In stringent security environments, it might be desirable to encrypt all the capture data including processes, handles, and, of course, kernel events. For this purpose, the cap configuration section should get a couple of new attributes including the encryption algorithm (e.g. aes) and the actual encryption key. We should provide the ability to load the key from alternative sources, e.g. environment variables or vault stores. The encryption algorithm will get stored in the capture flags bitset that is part of the kcap header, so we can effectively compare the algorithm that was used to encrypt the kcap with the one that is specified in the configuration and bail out when they differ.

References

https://golang.org/pkg/crypto/cipher/
https://golang.org/pkg/crypto/rsa/
https://github.com/hashicorp/vault/tree/master/api

Metadata

Metadata

Assignees

No one assigned

    Labels

    needs: configIndicates the issue requires changes in the config file/flagsneeds: docsIndicates that the issue needs documentation updatesscope: captureAnything related to captures

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions