Logmeobf

logmeobf

logmeobf is the command-line helper for log obfuscation workflows. It can generate obfuscation keys, convert readable log records to binary obfuscated records, and convert binary obfuscated records back to readable records when the same key is available.

---

Command line help

logmeobf - generate keys and obfuscate or deobfuscate log records
Copyright (c) EFM Software

Usage:
  logmeobf --generate-key [--key-out FILE] [--base64] [--header FILE] [--name IDENTIFIER]
  logmeobf --obfuscate --key-file FILE|--key-base64 TEXT [--format auto|text|json|xml] [--in FILE] [--out FILE]
  logmeobf --deobfuscate --key-file FILE|--key-base64 TEXT [--in FILE] [--out FILE]

Options:
  --generate-key          Generate a new 32-byte obfuscation key
  --obfuscate             Convert readable log records to binary obfuscated records
  --deobfuscate           Convert binary obfuscated records to readable log records
  --key-file FILE         Read binary key from FILE
  --key-base64 TEXT       Read base64 key from TEXT
  --key-out FILE          Write generated key as binary file
  --base64                Print generated key as base64
  --header FILE           Write generated key as C/C++ header
  --name IDENTIFIER       Header variable name
  --in FILE               Read input from FILE instead of stdin
  --out FILE              Write output to FILE instead of stdout
  --format FORMAT         Input readable format for --obfuscate: auto, text, json, xml
  --nonce-salt VALUE      Use fixed nonce salt for reproducible obfuscation output
  --help                  Show this help

---

Examples

Generate a binary key file

logmeobf --generate-key --key-out logme.key

What happens:

• a new 32-byte obfuscation key is generated
• the raw binary key is written to logme.key
• the file must be protected, because it is required for deobfuscation

Generate a base64 key

logmeobf --generate-key --base64

Output is a base64-encoded 32-byte key. The exact value is different each time because the key is generated randomly.

Use this form when the key must be stored in configuration, environment variables, or CI secrets instead of a binary file.

Generate a C/C++ header with the key

logmeobf --generate-key --header logme_obf_key.h --name LOGME_OBF_KEY

What happens:

• a new key is generated
• a header file is written to logme_obf_key.h
• the generated variable name is LOGME_OBF_KEY

This is useful when the application embeds the obfuscation key at build time.

Obfuscate a readable text log

logmeobf --obfuscate --key-file logme.key --format text --in app.log --out app.logobf

What happens:

• app.log is read as a readable text log
• every record is written to app.logobf in binary obfuscated form
• the output file is not intended to be opened as text

Deobfuscate an obfuscated log

logmeobf --deobfuscate --key-file logme.key --in app.logobf --out app.restored.log

What happens:

• app.logobf is read as binary obfuscated records
• the same key from logme.key is used to decrypt records
• readable records are written to app.restored.log

Use a base64 key without a key file

logmeobf --obfuscate --key-base64 BASE64KEY --format json --in app.jsonl --out app.jsonl.obf
logmeobf --deobfuscate --key-base64 BASE64KEY --in app.jsonl.obf --out app.jsonl

What happens:

• the key is supplied directly on the command line
• --format json tells --obfuscate how to parse the readable input records
• deobfuscation does not need --format, because the obfuscated stream contains binary records

Produce reproducible obfuscation output for tests

logmeobf --obfuscate --key-file logme.key --format text --nonce-salt 12345 --in app.log --out app.logobf

What happens:

• the nonce generator uses the fixed salt value 12345
• the same input and key produce reproducible obfuscated output
• this option is intended for tests, not for normal production logging

---

See also

• Security
• Log Encryption