{"id":32462695,"url":"https://github.com/karasz/securelog","last_synced_at":"2025-10-26T13:00:02.561Z","repository":{"id":320844750,"uuid":"1081259873","full_name":"karasz/securelog","owner":"karasz","description":"Forward-secure Go library for tamper-evident audit logs, implementing Ma–Tsudik’s dual-MAC private-verifiable scheme.","archived":false,"fork":false,"pushed_at":"2025-10-26T08:04:54.000Z","size":64,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-10-26T10:06:31.923Z","etag":null,"topics":["audit-logging","compliance","cryptography","forward-security","golang","log-integrity","secure-logging","tamper-detection"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/karasz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-22T14:28:31.000Z","updated_at":"2025-10-25T20:21:58.000Z","dependencies_parsed_at":"2025-10-26T10:19:24.208Z","dependency_job_id":null,"html_url":"https://github.com/karasz/securelog","commit_stats":null,"previous_names":["karasz/securelog"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/karasz/securelog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karasz%2Fsecurelog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karasz%2Fsecurelog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karasz%2Fsecurelog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karasz%2Fsecurelog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/karasz","download_url":"https://codeload.github.com/karasz/securelog/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karasz%2Fsecurelog/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281107094,"owners_count":26444787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-26T02:00:06.575Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit-logging","compliance","cryptography","forward-security","golang","log-integrity","secure-logging","tamper-detection"],"created_at":"2025-10-26T12:59:57.673Z","updated_at":"2025-10-26T13:00:02.556Z","avatar_url":"https://github.com/karasz.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# securelog — Dual MAC Private-Verifiable Secure Logger (Go)\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/karasz/securelog.svg)](https://pkg.go.dev/github.com/karasz/securelog)\n[![Go Report Card](https://goreportcard.com/badge/github.com/karasz/securelog)](https://goreportcard.com/report/github.com/karasz/securelog)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n\nSecureLog is a production-focused implementation of the Dual MAC private-verifiable logging protocol. It keeps audit trails append-only, forward-secure, and verifiable by both semi-trusted auditors and a trusted authority. For the full academic background, see [doc/ACADEMICS.md](doc/ACADEMICS.md).\n\n## Highlights\n- Dual MAC chains (`μ_V`, `μ_T`) to catch tampering by compromised verifiers.\n- Forward-secure key evolution with per-entry key rotation.\n- Pluggable transports (folder, HTTP, local) and storage backends (POSIX files, SQLite).\n- Pure Go, no CGO requirements in the default configuration.\n\n## Quick Start\n\n```go\npackage main\n\nimport (\n\t\"log\"\n\t\"time\"\n\n\t\"github.com/karasz/securelog\"\n)\n\nfunc main() {\n\tstore, _ := securelog.OpenFileStore(\"/var/log/securelog\")\n\tlogger, _ := securelog.New(securelog.Config{AnchorEvery: 100}, store)\n\n\tcommit, openMsg, _ := logger.InitProtocol(\"app-log-001\")\n\n\t// transmit commit/openMsg to the trusted server here\n\t_ = commit\n\t_ = openMsg\n\n\tlogger.Append([]byte(\"user login: alice\"), time.Now())\n\tlogger.Append([]byte(\"file access: /etc/passwd\"), time.Now())\n\n\tcloseMsg, _ := logger.CloseProtocol(\"app-log-001\")\n\tlog.Printf(\"final tag: %x\", closeMsg.FinalTagT)\n}\n```\n\nFor end-to-end examples (including transports) check the `example_*.go` files.\n\n## Storage Backends\n- **File store (default)** — append-only binary format with POSIX locks; ideal for production.\n- **SQLite store** — ACID semantics and ad-hoc queries via SQLite (`modernc.org/sqlite`).\n\nBoth implement the same `Store` interface, so swapping backends is a one-line change.\n\n## Transports\n- **Folder transport** for local/offline workflows.\n- **HTTP transport** for remote trusted servers.\n- **Local transport** for in-process testing.\n\nDetailed diagrams and usage notes live in [doc/TRANSPORT.md](doc/TRANSPORT.md).\n\n## Documentation\n- [doc/ACADEMICS.md](doc/ACADEMICS.md) — paper references and detailed research context.\n- [doc/TRANSPORT.md](doc/TRANSPORT.md) — transport layer protocol and folder layout.\n- `example_*.go` — runnable snippets that stitch storage, transports, and verifiers together.\n\n## Development\n\n```\nmake fmt        # gofmt on the tree\nmake lint       # revive + staticcheck + gosec\nmake test       # go test -race -cover ./...\nmake check      # run the full battery (fmt, vet, lint, spell, test)\n```\n\nGo 1.21 or newer is recommended.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarasz%2Fsecurelog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkarasz%2Fsecurelog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarasz%2Fsecurelog/lists"}