  #1  
Old 04-20-2018, 12:50 PM
nvertedflyer nvertedflyer is offline
Registered User
 
Join Date: Apr 2018
Posts: 11
Is it possible to digitally sign SecureCRT log files?

Hello,

Is it possible to digitally sign a log file from within SecureCRT or possibly trigger an event that will pass some variables to something like OpenSSL in order to digitally sign a log file?

It would be advantageous to be able to prove log file authenticity, which is difficult with a plain text file.

Thanks for making an awesome product, Van Dyke!
  #2  
Old 04-20-2018, 01:07 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,438
Hi nvertedflyer,

One of the actions that can be mapped to buttons or keys is to run an application, but can you explain more about what you are trying to accomplish?

What version of SecureCRT are you using?

On what platform?

Is it a log you have generated *in* SecureCRT that you wish to be signed?
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
  #3  
Old 04-20-2018, 01:12 PM
nvertedflyer nvertedflyer is offline
Registered User
 
Join Date: Apr 2018
Posts: 11
Hello and thanks for the fast response!

I should have been more specific.

I'm currently running "Version 8.1.4 (x64 build 1443) - Official Release - August 10, 2017" on Windows 10 on one PC and the latest version (downloaded yesterday) on another.

This is specifically in reference to session logs generated from within SecureCRT.

Thanks!
  #4  
Old 04-20-2018, 01:46 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,438
Hi nvertedflyer,

How would you accomplish such a task manually?
__________________
Thanks,
--Brenda

  #5  
Old 04-23-2018, 06:15 AM
nvertedflyer nvertedflyer is offline
Registered User
 
Join Date: Apr 2018
Posts: 11
Using OpenSSL you can create a signature file containing a hash of the original file that can be used for verification of the original file.

https://raymii.org/s/tutorials/Sign_...mand_Line.html
  #6  
Old 04-23-2018, 08:57 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,438
Hi nvertedflyer,

So what are the circumstances surrounding you needing to sign the log file?

If you are trying to automate this, then simulating any command you type would be accomplished by using the Send() method (Screen Object).

Assuming that you are logging via the Terminal / Log File category of Session Options, then you can get the path to the log file by using the LogFileName property of the Session Object. (See Scripting / Script Objects Reference Help topics.)
__________________
Thanks,
--Brenda

  #7  
Old 04-23-2018, 09:18 AM
nvertedflyer nvertedflyer is offline
Registered User
 
Join Date: Apr 2018
Posts: 11
Hi Brenda,

When making changes to a network environment (or really any environment, I guess) it would be helpful to have a reliable method for reviewing the changes that have been made without wondering if the data has been altered.

For example, an engineer makes a network change that results in an outage. If the outage were caused by a software bug then having a reliable and verified log file would help prove that the engineer in question did nothing wrong.

With plain text files, the argument could be made that it was altered to show nothing was done by the engineer. But a signed and verifiable file would be more trustworthy.
  #8  
Old 04-23-2018, 09:45 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,438
Hi nvertedflyer,

But what you are suggesting could be manipulated by someone altering the log file manually and just signing it again.

I have added this thread to the following feature requests in our product enhancement database:
  • Enterprise logging for auditing purposes
  • Administrative mechanism (.adm template) to unconditionally log all communications (and prevent unauthorized changes)
Should a future release of SecureCRT include either feature, notification will be posted here.
__________________
Thanks,
--Brenda

  #9  
Old 04-23-2018, 11:02 AM
nvertedflyer nvertedflyer is offline
Registered User
 
Join Date: Apr 2018
Posts: 11
Exactly! This is why I'm hoping for a way to do it programmatically from within SecureCRT. If the signature were stored unalterably within the program, for instance, it would help tremendously. At the very least it could be cross-referenced with session timers to ensure that the file was created at the same time the session ended. But I'm sure that there are even better ways to do something like this.

Thanks for adding it as a feature request!
Tags
authenticity , digital signature , openssl , pki
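
Added example, not part of the original thread and not a SecureCRT feature: the OpenSSL detached-signature workflow mentioned in post #5, run against a constructed session log, together with the re-signing objection raised in post #8. The key names (`engineer`, `collector`), file names and log lines are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: detached OpenSSL signatures over a session log.
# File names, key names and log contents are constructed for illustration.

new_key() {      # new_key <basename>: writes <basename>.key and <basename>.pub
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1.key" 2>/dev/null &&
    openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

sign_log() {     # sign_log <private-key> <log>: writes <log>.sig
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

verify_log() {   # verify_log <public-key> <log>: status 0 only if <log>.sig matches
    openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

check() {        # prints ok or FAIL for one verification
    if verify_log "$1" "$2"; then printf 'ok'; else printf 'FAIL'; fi
}

demo() {
    d=$(mktemp -d) || return 1
    log="$d/session.log"
    new_key "$d/engineer" && new_key "$d/collector" || return 1
    printf '%s\n' 'sw1# conf t' 'sw1(config)# interface Gi0/1' \
        'sw1(config-if)# description uplink' > "$log"

    sign_log "$d/engineer.key" "$log"
    r1=$(check "$d/engineer.pub" "$log")       # untouched log

    printf '%s\n' 'sw1(config-if)# no shutdown' >> "$log"
    r2=$(check "$d/engineer.pub" "$log")       # log edited after signing

    sign_log "$d/engineer.key" "$log"          # editor re-signs with own key
    r3=$(check "$d/engineer.pub" "$log")
    r4=$(check "$d/collector.pub" "$log")      # key the editor does not hold

    rm -rf "$d"
    echo "$r1 $r2 $r3 $r4"
}

demo
```

The four results are `ok FAIL ok FAIL`: an edit made after signing is detected, but whoever holds the signing key can re-sign the edited file and pass verification again. Only a check against a key the editor never held still fails, which is why the signing key has to live outside the reach of the person whose session is being logged.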

