Security of Keystores

Team --

I'm running Filebeat and Metricbeat versions 6.2.2 on RHEL 5.11.

I've followed the instructions on creating keystores for Filebeat and Metricbeat from the guides listed here and here. Everything works dandy - this is a great feature to NOT have passwords stored in plain text. That would never fly with our data security team.

Are the algorithm and key strength used to secure the filebeat.keystore and metricbeat.keystore files known? This will be important information for our data security team to understand precisely how secure the .keystore files are.

Currently, the keystore is encrypted using the AES-256-GCM algorithm.

The key is derived from the password using HMAC-SHA-512-based PBKDF2 with 10000 iterations, and a random salt and IV are used for every entry stored in the keystore.

Here's a link to the source code: https://github.com/elastic/beats/blob/master/libbeat/keystore/file_keystore.go

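The construction described in the answer above (PBKDF2 with HMAC-SHA-512 and 10000 iterations feeding AES-256-GCM, with a random salt and IV), as an added Go sketch that is not part of the original thread and is not the Beats source. The 64-byte salt, the `salt || nonce || ciphertext` layout and the function names are assumptions, and PBKDF2 is written out by hand so the block needs only the standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

const iterations, saltLen, hdrLen = 10000, 64, 64 + 12 // header = salt || 12-byte nonce; salt size assumed
// newAEAD: PBKDF2-HMAC-SHA512 (RFC 8018, first block) -> 32-byte key -> AES-256-GCM.
func newAEAD(password, salt []byte) cipher.AEAD {
	mac := hmac.New(sha512.New, password)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1), on a copy of salt
	u := mac.Sum(nil)
	t := append([]byte{}, u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(u[:0])
		for j := range t {
			t[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(t[:32]) // cannot fail: 32 bytes is a valid AES-256 key
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has a 128-bit block
	return aead
}

// seal returns salt || nonce || ciphertext+tag with a fresh random salt and nonce.
func seal(password, plaintext []byte) ([]byte, error) {
	out := make([]byte, hdrLen)
	if _, err := rand.Read(out); err != nil {
		return nil, err
	}
	return newAEAD(password, out[:saltLen]).Seal(out, out[saltLen:], plaintext, nil), nil
}

// open fails on a wrong password or any modified byte (GCM tag mismatch).
func open(password, blob []byte) ([]byte, error) {
	if len(blob) < hdrLen {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return newAEAD(password, blob[:saltLen]).Open(nil, blob[saltLen:hdrLen], blob[hdrLen:], nil)
}

func main() { fmt.Println(seal([]byte("constructed-password"), []byte("constructed-secret"))) }
```

With a password-derived key, the practical strength is bounded by the entropy of the password and the cost of the 10000 PBKDF2 iterations, not by the 256-bit AES key size alone.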

This is exactly what I'm looking for. Thank you!
