These docs are for Cribl Stream 4.12 and are no longer actively maintained.
See the latest version (4.14).
C.Crypto – Data Encryption and Decryption
C.Crypto.decrypt()
C.Crypto.decrypt(value: string, escape: boolean = false, escapeSeq = '"'): stringDecrypts all occurrences of ciphers in the given value. Instances that cannot be decrypted (for any reason) are left intact.
Returns value with ciphers decrypted.
| Parameter | Type | Description | 
|---|---|---|
| value | string | String in which to look for ciphers. | 
| escape | boolean | Set to trueto escape double quotes in output after decryption (for example, for data encrypted in Splunk.) Defaults tofalse. | 
| escapeSeq | string | String used to escape double quotes. The default '"'escapes CSV output. | 
Examples
To decrypt the contents of the encrypted field, use:
C.Crypto.decrypt(encrypted)C.Crypto.encrypt()
C.Crypto.encrypt(value: Buffer | string, keyclass: number, keyId?: string, defaultVal?: string): stringEncrypts the given value with the keyId, or with a keyId picked up automatically based on keyclass.
Returns the encrypted value. If encryption does not succeed, returns defaultVal if specified; otherwise, value.
| Parameter | Type | Description | 
|---|---|---|
| value | string | Buffer | The value to encrypt. | 
| keyclass | number | Key Class to pick a key from, if keyIdisn’t specified. | 
| keyId | string | Encryption keyId, takes precedence overkeyclass. | 
| defaultVal | string | Value to return if encryption fails; if unspecified, the original value is returned. | 
Examples
To encrypt the customer field using key with keyId 2, use:
C.Crypto.encrypt(customer, -1, 2)To encrypt the same field with a key selected from the Key Class 3, without specifying a keyId:
C.Crypto.encrypt(customer, 3)C.Crypto.createHmac()
C.Crypto.createHmac(value: string | Buffer, secret: string, algorithm: string = 'sha256', outputFormat: 'base64' | 'hex' | 'latin1' = 'hex'): stringGenerates an HMAC that can be added to events, or can be used to validate events that contain an HMAC.
Returns the calculated HMAC digest on success; otherwise, value.
| Parameter | Type | Description | 
|---|---|---|
| value | string | Buffer | The data to encrypt. When the outputFormatis invalid or undefined, this parameter is returned as the digest, via a Buffer. | 
| secret | string | The secret key used to generate the MAC. | 
| algorithm | string | The hash algorithm used to generate the MAC. Defaults to 'sha256'. Runopenssl list -digest-algorithmsto see the list of available algorithms. | 
| outputFormat | 'base64'|'hex'|'latin1' | Output format for the MAC. Defaults to 'hex'. | 
Examples
To generate HMAC from the customer field, provide the secret as the second argument:
C.Crypto.createHmac(customer, 'kETvYtLKZkgIzBvfRdVcZULBITANjOMd')To additionally specify that you want to use the SHA512 hash algorithm and to output the HMAC in latin1 format, run:
C.Crypto.createHmac(customer, 'kETvYtLKZkgIzBvfRdVcZULBITANjOMd', 'sha512', 'latin1')