NLog - how to decrypt a log file

Question

NLog - how to decrypt a log file

I have an entrance to my site and I want the log file to be encrypted. For the log file to be encrypted, I simply add the attribute fileAttributes = "Encrypted" to the configuration file, as you can see here:

<target name="file" xsi:type="File" layout="${longdate} | ${pad:padding=-5:inner=${level:uppercase=true}} | ${message} ${onexception:inner=${newline} ${exception:format=ToString}}" fileName="${basedir}/Log/log_info.log" fileAttributes="Encrypted" archiveFileName="${basedir}/Log/log_info_{#}.log" archiveAboveSize="1048576" archiveNumbering="Rolling" maxArchiveFiles="2" concurrentWrites="true" keepFileOpen="false" />

Problem . How can I decrypt a file to see the record?

+4

c # encryption nlog

Petofi Jul 31 '15 at 9:36

source share

2 answers

fileAttributes = "Encrypted" means that the file will have the NTFS Encrypted attribute. https://github.com/nlog/NLog/wiki/File-target

To decrypt it, go to the file properties → attributes → advanced and uncheck the "Encrypt content to protect data" box.

It runs on the same computer where the file was encrypted. Therefore, a copy of the file cannot be decrypted on another computer.

+3

Alex lebedev Aug 13 '15 at 2:00 p.m.

source share

Hans passant · Accepted Answer · 2015-08-13T18:27:04+0000

NLog does not encrypt the file itself, it just asks the operating system to take care of this. It is exposed in .NET with FileOptions.Encrypted enumeration value. Whose commentary describes well what he is doing:

Indicates that the file is encrypted and can only be decrypted using the same user account that is used for encryption.

"The same user account" is the most typical hang, IIS usually works with its own account, the details are well described in this existing Q + A. The implementation of the operating system is described in detail in this MSDN page .

Using this option on a web server should give a slight pause. The only person who reads the log file easily is an attacker who compromises the machine outside. He has no problems reading the file, its contents are easily accessible in open form, since it uses an IIS account. People who need a log file to stop such an attacker will find it quite difficult to read the file, since they will use their own account to access the machine.

This is not an ideal safety practice.

NLog - how to decrypt a log file

More articles: