Loading...
Searching...
No Matches
integrity_policy.h File Reference
Tamper-evident log signing policies for writers. More...
#include <kcenon/logger/security/secure_key_storage.h>#include <iomanip>#include <memory>#include <sstream>#include <string>#include <utility>
Include dependency graph for integrity_policy.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Classes | |
| class | kcenon::logger::security::integrity_policy |
| Abstract interface for log integrity signing. More... | |
| class | kcenon::logger::security::hmac_sha256_integrity_policy |
| HMAC-SHA256 integrity policy (ISO/IEC 27001 A.12.4.2 default). More... | |
Namespaces | |
| namespace | kcenon |
| namespace | kcenon::logger |
| namespace | kcenon::logger::security |
Functions | |
| std::string | kcenon::logger::security::format_signature_suffix (const integrity_policy &policy, const std::string &record) |
| Format a signature line suitable for appending to a text log record. | |
Detailed Description
Tamper-evident log signing policies for writers.
Issue #612 (ISO/IEC 27001 A.12.4.2 / A.12.4.3 - Protection of log information).
Provides an abstract integrity_policy interface and a concrete hmac_sha256_integrity_policy implementation, reusing the same HMAC approach as audit_logger. The policy produces a per-record signature that writers append to their output so consumers can verify the log has not been tampered with after emission.
The policy is deliberately minimal:
- sign(record) returns a hex-encoded signature string
- verify(record, signature) returns true only if signatures match
- name() returns a short identifier used in signature prefixes
Definition in file integrity_policy.h.
