4

I'm using Lumberjack as logging platform (Objective C/Swift) Is there any way to write the logs to file as encrypted?

  • If yes, then any example would be useful
  • Also, how to read the encrypted logs afterwards
  • Are there different type of encryption for intensive logging? I heard about Block Encryption
oguz ismail
  • 1
  • 16
  • 47
  • 69
Ilan Levy
  • 191
  • 1
  • 2
  • 11

2 Answers2

2

if you want to roll your own custom logger

import CocoaLumberjack
import Security

public class EncryptedLogger: DDAbstractLogger {
    let key: SecKey!
    let blockSize : Int
    let padding : SecPadding
    
    init(key: SecKey!, blockSize : Int = 128, padding: SecPadding = .PKCS1) {
        self.key = key
        self.blockSize = blockSize
        self.padding = padding
    }

    convenience init(keyFilePath: String, blockSize: Int = 128, padding: SecPadding = .PKCS1) {
        //TODO: load key from file
        self.init(key: nil, blockSize: blockSize, padding: padding)
    }
    
    /**
     *  The log message method
     *
     *  @param logMessage the message (model)
     */
    public override func logMessage(logMessage: DDLogMessage!) {
        let plainText = logFormatter != nil ? logFormatter.formatLogMessage(logMessage) : logMessage.message;
        
        let plainTextData = [UInt8](plainText.utf8)
        
        var encryptedData = [UInt8](count: Int(blockSize), repeatedValue: 0)
        var encryptedDataLength = blockSize
        
        let result = SecKeyEncrypt(key, padding, plainTextData, plainTextData.count, &encryptedData, &encryptedDataLength)
        
        //TODO: write the encryptedData to a file or post it to some endpoint
        //...
    }

    @objc
    public override var loggerName: String! {
        get {
            return "\(self.dynamicType)"
        }
    }
}
Community
  • 1
  • 1
Daij-Djan
  • 49,552
  • 17
  • 113
  • 135
1

IF you can live with the device encryption available

setup apple filesystem encryption in your app's plist and forget about the issue :)

read more about it here:
https://developer.apple.com/library/ios/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemOverview/FileSystemOverview.html

or a shorter summary (bottom of the page):
http://www.darthnull.org/2014/10/06/ios-encryption

how it works:

set the data protection entitlement to enabled for your app id to protect all your app's files: required capability

alternative way: you can set NSFileProtection flags to files upon writing.

the objC code: 

NSDictionary *fileAttributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete forKey:NSFileProtectionKey];
if (![[NSFileManager defaultManager] setAttributes:fileAttributes ofItemAtPath:filePath error:error]) {
    return NO;
}
return YES;
Daij-Djan
  • 49,552
  • 17
  • 113
  • 135
  • 1
    The links do not contain information on setting filesystem encryption in the app's plist. – zaph May 22 '16 at 11:52
  • I'm developing a framework with sensitive IP data, the logs should be encrypted so they can be sent to us and decrypted only by us. I'm looking for a simple asymetric encryption that would allow to encrypt the logs from the client (android/ios) and decrypt from the server (nodejs). All the encryption code I saw are good to be encrypted and decrypted by the client. Which is not what I'm looking for. Also the encryption is not meant to protect the user's data but the company's IP. I hope this clarify the question. – Ilan Levy Jun 01 '16 at 06:37
  • well subclass the loggers you care about and use secKeyEncrypt. – Daij-Djan Jun 01 '16 at 06:42
  • I hadn't had the chance to try it yet, I'll update you later on. Looks like what I was looking for ! – Ilan Levy Aug 13 '16 at 09:51