Cryptographic Operation Audit Logging
This module provides secure, tamper-evident audit logging for cryptographic operations. All sensitive operations (key generation, signing, encryption, etc.) can be logged with metadata for compliance and forensic purposes.
§Features
- Tamper-evident logging using Merkle trees
- Structured audit log entries with timestamps
- Operation categorization and severity levels
- Query and filtering capabilities
- Retention policies with automatic cleanup
- Export to JSON for external analysis
- Secure storage with integrity verification
§Use Cases in CHIE Protocol
- Compliance auditing (GDPR, CCPA, FIPS)
- Security incident investigation
- Key lifecycle tracking
- Access control verification
- Anomaly detection
§Example
use chie_crypto::audit_log::{AuditLog, AuditEntry, OperationType, SeverityLevel};

let mut audit_log = AuditLog::new();

// Log a key generation operation
audit_log.log(
    OperationType::KeyGeneration,
    SeverityLevel::Info,
    "Generated Ed25519 keypair for user alice",
    Some("user_id=alice, key_type=Ed25519"),
);

// Log an encryption operation
audit_log.log(
    OperationType::Encryption,
    SeverityLevel::Info,
    "Encrypted file document.pdf",
    Some("file_size=1024000, algorithm=ChaCha20-Poly1305"),
);

// Query audit logs
let key_gen_logs = audit_log.query_by_operation(OperationType::KeyGeneration);
assert_eq!(key_gen_logs.len(), 1);

// Verify log integrity
assert!(audit_log.verify_integrity());

Structs§
- AuditEntry - Audit log entry
- AuditLog - Audit log with tamper-evident chaining
- AuditStatistics - Audit log statistics
Enums§
- OperationType - Type of cryptographic operation
- SeverityLevel - Severity level of the audit entry
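
What "tamper-evident chaining" and an integrity check like `verify_integrity()` guard against can be seen in a self-contained hash chain. This is an added example, not chie_crypto's implementation: `Entry`, `entry_hash`, `append`, `verify` and `fnv1a64` are hypothetical names, the log entries are constructed, and FNV-1a is a non-cryptographic stand-in so the block needs no crates.

```rust
// Added illustration, not chie_crypto's code; all names here are hypothetical.
// fnv1a64 is a NON-cryptographic stand-in (no crates); use SHA-256 or BLAKE3 in practice.
fn fnv1a64(data: &[u8]) -> u64 {
    data.iter().fold(0xcbf29ce484222325u64, |h, b| (h ^ *b as u64).wrapping_mul(0x100000001b3))
}

#[derive(Clone)]
struct Entry { seq: u64, op: String, msg: String, prev: u64, hash: u64 }

// Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
fn entry_hash(seq: u64, op: &str, msg: &str, prev: u64) -> u64 {
    let mut buf = Vec::new();
    buf.extend_from_slice(&seq.to_be_bytes());
    buf.extend_from_slice(&prev.to_be_bytes());
    for field in [op, msg] {
        buf.extend_from_slice(&(field.len() as u64).to_be_bytes());
        buf.extend_from_slice(field.as_bytes());
    }
    fnv1a64(&buf)
}

// Appends an entry bound to its predecessor and returns the new head hash.
fn append(log: &mut Vec<Entry>, op: &str, msg: &str) -> u64 {
    let (seq, prev) = (log.len() as u64, log.last().map_or(0, |e| e.hash));
    let hash = entry_hash(seq, op, msg, prev);
    log.push(Entry { seq, op: op.into(), msg: msg.into(), prev, hash });
    hash
}

// Err(i) is the index of the first entry that fails. `anchor` is a head hash
// kept outside the log; without it, dropping the newest entries goes unnoticed.
fn verify(log: &[Entry], anchor: Option<u64>) -> Result<(), usize> {
    let mut prev = 0;
    for (i, e) in log.iter().enumerate() {
        let expected = entry_hash(e.seq, &e.op, &e.msg, e.prev);
        if e.seq != i as u64 || e.prev != prev || e.hash != expected { return Err(i); }
        prev = e.hash;
    }
    match anchor { Some(a) if a != prev => Err(log.len()), _ => Ok(()) }
}

fn main() {
    let mut log = Vec::new(); // constructed sample entries
    append(&mut log, "KeyGeneration", "Generated Ed25519 keypair for user alice");
    let head = append(&mut log, "Encryption", "Encrypted file document.pdf");
    assert_eq!(verify(&log, Some(head)), Ok(()));
    log[0].msg = "Generated Ed25519 keypair for user mallory".into();
    assert_eq!(verify(&log, Some(head)), Err(0)); // edit breaks entry 0's hash
}
```

Recomputing an edited entry's hash only moves the failure to the next entry, whose `prev` no longer matches. Truncation is caught only when the head hash is compared with a copy stored outside the log.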