-
-
Notifications
You must be signed in to change notification settings - Fork 208
Encrypt capture #52
Copy link
Copy link
Open
Labels
needs: configIndicates the issue requires changes in the config file/flagsIndicates the issue requires changes in the config file/flagsneeds: docsIndicates that the issue needs documentation updatesIndicates that the issue needs documentation updatesscope: captureAnything related to capturesAnything related to captures
Description
Metadata
Metadata
Assignees
Labels
needs: configIndicates the issue requires changes in the config file/flagsIndicates the issue requires changes in the config file/flagsneeds: docsIndicates that the issue needs documentation updatesIndicates that the issue needs documentation updatesscope: captureAnything related to capturesAnything related to captures
Description
In stringent security environments, it might be desirable to encrypt all the capture data including processes, handles, and, of course, kernel events. For this purpose, the
capconfiguration section should get a couple of new attributes including the encryption algorithm (e.g. aes) and the actual encryption key. We should provide the ability to load the key from alternative sources, e.g. environment variables or vault stores. The encryption algorithm will get stored in the capture flags bitset that is part of the kcap header, so we can effectively compare the algorithm that was used to encrypt the kcap with the one that is specified in the configuration and bail out when they differ.References
https://golang.org/pkg/crypto/cipher/
https://golang.org/pkg/crypto/rsa/
https://github.com/hashicorp/vault/tree/master/api