Tamper-evident logging made simple with a powerful SDK and CLI.
Pitch

Spine OSS provides an open-source SDK and CLI tailored for tamper-evident audit logging. It lets you create secure audit trails and verify them independently without running a server: entries are linked by a hash chain and cryptographically signed, so the integrity of logs in critical, compliance-bound systems can be checked efficiently.

Description

Spine Open Source is a comprehensive open-source software development kit (SDK) and command-line interface (CLI) designed for creating and verifying tamper-evident audit logs. Ideal for compliance-critical systems, it leverages advanced cryptographic techniques such as Ed25519 signatures and BLAKE3 hash chains to ensure that audit trails remain secure and verifiable without requiring a server.

Key Features

  • Create Audit Logs: Generate cryptographically signed audit logs without needing a server. The SDK handles log creation locally.
  • Verify Audit Trail Integrity: Use spine-cli for independent verification of audit logs, ensuring integrity and authenticity without server dependence.
  • Optional Server Integration: For additional functionality, connect to a Spine server for third-party timestamping, although not necessary for standalone operations.

Components

Component          Language   Purpose
spine-sdk-python   Python     Generate signed audit logs (WAL files)
spine-cli          Rust       Verify the integrity of WAL files

Quick Start

Create Signed Audit Logs (Python SDK)

import asyncio
from spine_client import WAL, WALConfig, SigningKey

async def main():
    # Generate an Ed25519 signing key; in production, load a persisted key
    # instead (see the Key Management Guide).
    key = SigningKey.generate()
    # The WAL writes hash-chained, signed JSON Lines entries under data_dir.
    wal = WAL(key, WALConfig(data_dir="./audit_log"))
    await wal.initialize()

    await wal.append({"event_type": "user.login", "user_id": "alice"})
    await wal.append({"event_type": "data.access", "resource": "report_123"})

    # _seq is the WAL's internal sequence counter (number of entries appended).
    print(f"Logged {wal._seq} events to ./audit_log/")

asyncio.run(main())

Verify Logs Using CLI

cd spine-cli
cargo build --release
./target/release/spine-cli verify --wal ../audit_log

The verification output will confirm the integrity of the logs:

SPINE WAL VERIFICATION REPORT
=============================
Status:              VALID
Events verified:     2
Signatures verified: 2

Architecture Overview

The standalone SDK creates signed WAL files, which can be independently verified with the CLI. In an optional server deployment, a Spine server can be utilized for additional timestamping services while keeping the data secure within your infrastructure.

Open Source Benefits

The open-source nature of this project fosters transparency and flexibility in audit logging. Key advantages include:

  1. Verifiable Claims: Anyone can verify the integrity guarantees offered by the system.
  2. No Vendor Lock-in: Audit data remains accessible independently of the server, ensuring data readability.
  3. Security Audits: The verification logic is subject to independent review, enhancing security.
  4. Client Flexibility: The architecture allows for integration with various languages and modifications according to individual needs.

WAL Format

The system utilizes an append-only JSON Lines file format with hash chaining, ensuring each log entry is linked to its predecessor, thus providing a verifiable chain of events. For more detailed information, refer to the WAL Format Specification.
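To make the hash-chaining idea concrete, here is an added, stand-alone illustration written for this page; it is not the Spine WAL format or the project's code, it uses the standard-library BLAKE2b in place of BLAKE3, and it leaves out the per-entry Ed25519 signature that binds the chain to a key. It also shows the limit of a bare chain: editing or deleting an entry in the middle is detected, but silently dropping the newest entries is not, which is what an external anchor such as the optional server timestamping is for.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed: anchor value used as prev hash of entry 0

def entry_hash(prev_hash: str, seq: int, payload: dict) -> str:
    # Hash covers the previous hash, the sequence number and the canonical
    # payload, so changing any earlier entry changes every later hash.
    body = json.dumps({"prev": prev_hash, "seq": seq, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.blake2b(body.encode(), digest_size=32).hexdigest()

def append(lines: list[str], payload: dict) -> list[str]:
    # Append one JSON Lines entry chained to the last one (hypothetical layout).
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    seq = len(lines)
    entry = {"seq": seq, "prev": prev, "payload": payload,
             "hash": entry_hash(prev, seq, payload)}
    lines.append(json.dumps(entry, sort_keys=True, separators=(",", ":")))
    return lines

def verify(lines: list[str]) -> tuple[bool, str]:
    # Walk the chain from the genesis value, recomputing every hash.
    prev = GENESIS
    for i, line in enumerate(lines):
        e = json.loads(line)
        if e["seq"] != i or e["prev"] != prev:
            return False, f"chain break at seq {i}"
        if entry_hash(prev, i, e["payload"]) != e["hash"]:
            return False, f"hash mismatch at seq {i}"
        prev = e["hash"]
    return True, f"{len(lines)} entries valid"

def demo() -> dict:
    # Constructed sample log plus three tampered copies.
    log: list[str] = []
    append(log, {"event_type": "user.login", "user_id": "alice"})
    append(log, {"event_type": "data.access", "resource": "report_123"})
    append(log, {"event_type": "user.logout", "user_id": "alice"})
    edited = list(log)
    e = json.loads(edited[1])
    e["payload"]["resource"] = "report_999"          # modify a middle entry
    edited[1] = json.dumps(e, sort_keys=True, separators=(",", ":"))
    deleted = log[:1] + log[2:]                       # drop a middle entry
    truncated = log[:2]                               # drop the newest entry
    return {"intact": verify(log)[0], "edited": verify(edited)[0],
            "deleted": verify(deleted)[0], "truncated": verify(truncated)[0]}
```

Run `demo()` to see that only the truncated copy still verifies; a signature over each entry would stop an attacker without the key from rebuilding the chain after an edit, but not from truncating it.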

Documentation and Support

Comprehensive documentation is available, including guides on the WAL format, key management, and CLI usage. See Key Management Guide and Documentation for the Python SDK for in-depth instructions.

Contribution and Security

Contributions are encouraged, with established processes for submitting issues or pull requests. For any potential security vulnerabilities, please contact security@eulbite.com directly.
