Bro crashes when using &encrypt

Description

Bro crashes when applying the &encrypt attribute when opening a file.

bro -Ci eth0 -e 'global f1: file = open("f.out") &encrypt;'

Environment

bro version 2.3-263-debug

Activity

Show:
Jon Siwek
October 31, 2014, 5:16 PM

Fixed in master. But missing test case since I couldn't quickly come up with a way to reverse the operation via command line or script: seems like one may need to write a small program to parse the file header and then use the openssl envelope api to do the asymmetric decryption.

Robin Sommer
October 31, 2014, 11:35 PM

Bro 1.5 came with a tool bdcat that decrypts these files. I'm reopening the ticket to see if we want to bring that back.

Seth Hall
November 1, 2014, 3:35 AM

Bro used to ship with this tool. It was named bdcat.

Jon Siwek
November 3, 2014, 3:32 PM

Bro 1.5 came with a tool bdcat that decrypts these files. I'm reopening the ticket to see if we want to bring that back.

Just noticed "log_encryption_key" is marked deprecated, so maybe we should actually be removing things instead of fixing/adding ?

Robin Sommer
November 3, 2014, 3:54 PM

I don't remember if we discussed this already at some point, which may
have then led to the deprecation. I'm fine either way. It's a nice
capability in principle, but given that files aren't our main logging
mechanism anymore, it's unlikely anybody is actually using it. So in
the spirit of removing complexity, maybe that's indeed the right thing
to do.

Indpendent of that, an item for the todo list is adding encryption
support to the logging framework. But that needs a larger project, I'm
hoping that we can do better than just encrypt a whole file with a
single key. Would be nice to give out partial access in some form, but
not quite sure how that would look like.

Robin

Jon Siwek
March 13, 2015, 8:33 PM

It's fixed, but deprecated now.

Assignee

Unassigned

Reporter

AK

Labels

None

External issue ID

None

Components

Fix versions

Priority

Normal
Configure