Crypto Logs

The crypto-log feature allows producing a signed report of MPC (multiparty computation) crypto operations performed by EP and its Partner. The report may be produced by the Root SO (security officer, the UKC partition administrator role) or a partition SO. When produced by a partition SO, it addresses MPC operations in its partition.

The material for such a report is accumulated separately by both servers in the ub-ekm-crypto.log file:

  • On Linux, /opt/ekm/logs/ub-ekm-crypto.log.
  • On Windows, C:\Program Files\Dyadic\ekm\tomcat\logs\ub-ekm-crypto.log.

Crypto Log Format

A crypto log entry in ub-ekm-crypto.log consists of the following 9 fields:

| Num | Name | Value | Note |
|-----|------|-------|------|
| 1 | Date | YYYY-MM-DD | |
| 2 | Time | HH:MM:SS,uuu | 1 |
| 3 | Partition | Partition name | 2 |
| 4 | Job | An ID | 3 |
| 5 | Key Type | | |
| 6 | Key UID | | |
| 7 | Operation | Operation name | |
| 8 | RV | The result of the operation (Return Value) | 4 |
| 9 | Algorithm | Name of the crypto algorithm used by the operation | 5 |

Notes:

  1. Time is given in the zero time zone (GMT).
  2. Partition name "0000000" indicates an internal CORE resource.
  3. The Job ID is internal information. It is used to match reports stored in EP's and its Partner's files.
  4. rv=0 indicates the success of the operation.
  5. This field is omitted if the operation has no specific crypto algorithm, for example when refreshing the key material.

Operations:

Crypto Log Report

Starting with release 2.0.2001, SOs can generate and validate a signed Crypto Log report.

Generation

A partition SO and the Root SO generate the corresponding crypto log reports using UI Configuration ˃ Servers ˃ Select Server ˃ Download Crypto Logs, where they specify the required period. Refer to Download Crypto Logs.

The report is a log_<date and time>.gz file that contains:

  • signature.dat - the signature of the logz.txt.gz file
  • logz.txt.gz - contains the log.txt file.

Integrity Assertion

To validate the authenticity of the crypto log file:

  1. Obtain the verification key:
  2. Validate the signature:

     openssl dgst -sha256 -verify integrity-key.pem -signature signature.dat logs.txt
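
The signature check above, exercised end to end as an added example (not part of the original documentation or the product): it signs a constructed log with a throwaway key pair, then runs the same openssl dgst command on the intact file and on a modified copy. The EC key type, the helper names verify_log and demo, and the log content are assumptions; the real integrity-key.pem comes from step 1.

```shell
#!/bin/sh
# Added example: the page's verification command run against constructed data.

# verify_log KEY SIG FILE
# Exit status 0 only when SIG is a valid SHA-256 signature of FILE under KEY.
# Scripts should test this status rather than parse openssl's text output.
verify_log() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# demo: builds constructed inputs in a temp dir, verifies the intact log and
# a tampered copy, and echoes "intact=<status> tampered=<status>".
demo() {
    work=$(mktemp -d) || return 1

    # Throwaway EC key pair standing in for the server's signing key and the
    # integrity-key.pem obtained in step 1 (assumption: the page does not
    # state the key type).
    openssl ecparam -name prime256v1 -genkey -noout -out "$work/sign-key.pem"
    openssl pkey -in "$work/sign-key.pem" -pubout -out "$work/integrity-key.pem"

    # Constructed log content; the real line layout is not shown on the page.
    printf 'constructed entry 1 rv=0\nconstructed entry 2 rv=0\n' > "$work/logs.txt"
    openssl dgst -sha256 -sign "$work/sign-key.pem" \
        -out "$work/signature.dat" "$work/logs.txt"

    # Intact file: expected to verify (status 0).
    verify_log "$work/integrity-key.pem" "$work/signature.dat" "$work/logs.txt" \
        && intact=0 || intact=$?

    # One character changed: the signature must no longer verify.
    sed 's/entry 2 rv=0/entry 2 rv=1/' "$work/logs.txt" > "$work/tampered.txt"
    verify_log "$work/integrity-key.pem" "$work/signature.dat" "$work/tampered.txt" \
        && tampered=0 || tampered=$?

    rm -rf "$work"
    echo "intact=$intact tampered=$tampered"
}

demo
```

A passing check only shows that the file matches the key supplied to -verify, so the verification key has to be obtained over a trusted path.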