Support for Encrypting Log Files

[DenisDolgunov]

If have some plans to add encrypting files in the project, what's best practice for do it?

[cocowalla]

There is some discussion on compression in #48, which very much relates to file encryption. Like compression, there are 2 approaches to encrypting files:

1. Streaming
2. All at once when the log is closed/rolled

For encryption, you would generally want the 1st option, to ensure the plaintext was never written to disk in the first place.

I have a fork that allows wrapping the output stream here. The use case being demonstrated was compression, but I had encryption in mind too - the point is that wrapping the output stream is an extensible approach that allows for a variety of use cases.

[nblumhardt]

Note this may be covered by #80.

[nblumhardt]

I think we should close this as "optimistically, enabled by #80", which is now on NuGet in the -dev preview package. If it turns out the file lifecycle hooks we currently support are inadequate, we can open a new ticket and follow on from there.

Let us know if you take a shot at this, @DenisDolgunov - happy to help with the details.

[cocowalla]

@DenisDolgunov now #80 is in dev, can you say a bit more about your use case? A few questions:

1. Where will your key material come from (e.g. X.509 certificate or key, config file, environment variable, API call)?

2. What algorithm(s) did you have in mind?

3. Had you given any thought to a MAC or cryptographic signature?