[
https://issues.apache.org/jira/browse/LOG4J2-3508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17537764#comment-17537764
]
Matt Sicker commented on LOG4J2-3508:
-------------------------------------
This has natural overlap with the encrypted layout issues
(https://issues.apache.org/jira/browse/LOG4J2-2930 and
https://issues.apache.org/jira/browse/LOG4J2-1000) which sound interesting.
Volcano has a good point, though, that it would be worth trying out as a
standalone plugin jar rather than integrating directly into log4j. I would lean
toward this being a _potential_ core feature in the future since the Java
cryptography APIs are part of java.base, but such a feature could also benefit
from additional security review to ensure we aren't introducing new
vulnerabilities.
If you do publish this on your own, that doesn't prevent us from adding it to
the project later. That's how some other features were added here after all!
> Add a signature appender to the log4j2 core
> -------------------------------------------
>
> Key: LOG4J2-3508
> URL: https://issues.apache.org/jira/browse/LOG4J2-3508
> Project: Log4j 2
> Issue Type: New Feature
> Components: Appenders
> Reporter: Simon Huang
> Priority: Minor
>
> h2. Goal
> Merge our implementation of a Signature appender into the log4j2 core.
> h2. What is a signature appender?
> Hello log4j2 contributors,
> I am a working student at Siemens and my superiours were looking for a way to
> add a signature to their logs. The solution that we came up with is an outer
> appender that works similar to the failover appender, i.e. it adds a
> signature and delegates the appending to another appender.
> You can see our solution at
> [github|https://github.com/simon-hng-smns/log4j2_signature_appender/tree/main]
> as wenn as an [example
> implementation|https://github.com/simon-hng-smns/log4j2_signature_appender/tree/example-implementation].
> We would appreciate any and all feedback, and hope you can guide us to
> necessary changes, in order to incorporate our appender.
> h2. How does it work?
> The SignatureAppender takes in an inner appender, which can now use the
> {{%sign}} PatternConverter.
> {code:xml}
> <Appenders>
> <SignatureAppender name="signatureAppender"
> signatureAlgorithm="SHA256withRSA"
> pathToKeyStore="signatureKeyStore.p12"
> keyStorePassword="password"
> >
> <Console name="console">
> <PatternLayout pattern="[%sign] %m%n"/>
> </Console>
> </SignatureAppender>
> </Appenders>
> {code}
> h3. Creating the signature
> The signature is created using the internal java class {{Signature}}, which
> gets a formatted message and the last signature and signs like this
> {code:java}
> Signature.update(message + lastSignature)
> {code}
> h3. In general the steps are the following:
> # SignatureAppender gets LogEvent creates the formatted message.
> # Using this formatted message and the lastSignature, a signature is created
> which we use to create a LogEvent with the signature as a property
> # This new LogEvent is then send to the inner appender, where it is used by
> the SignaturePatternConverter
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
