# GeoVLogReader **Console utility to decrypt and extract GeoV‑encrypted HDF5 flight logs** GeoVLogReader is the ground‑station companion to **GeoVLogSvc** (the Windows‑service logger running in the aircraft). It performs three jobs: 1. **Authenticates** the log header and retrieves the wrapped AES‑256 key. 2. **Unwraps / decrypts** that key using **your private RSA key** *(which never leaves your office PC)*. 3. **Streams the plaintext dataset** out to one of three targets * another HDF5 file (`--out-file`) * a folder of CSV slices (`--csv`) * **STDOUT** (for piping straight into Python/R). > **Crypto stack** > * **AES‑256‑GCM** — per‑chunk encryption inside HDF5 > * **RSA‑2048 OAEP‑SHA‑256** — wraps each file’s AES key > * **H5Z‑AES** plugin — on‑the‑fly decrypt for HDF5 --- ## 1 · Quick start (pre‑built binaries) ```powershell # 1. Unzip release bundle Expand-Archive GeoVLogReader-win-x64.zip -DestinationPath C:\GeoVReader # 2. Tell the tool where your private key lives (once per session/user) $env:GEOVLOG_PRIVATE_KEY = "D:\Keys\GeoVLogPrivate.pem" # 3. Decrypt a flight hour C:\GeoVReader\GeoVLogReader.exe ` --in F:\Flights‚50521_0930_GeoVLog.h5 ` --out-file D:\Decrypted‚50521_0930_plain.h5 ``` --- ## 2 · Command‑line reference | Option | Alias | Required | Description | |--------|-------|----------|-------------| | `--in ` | `-i` | ✔ | Encrypted `.h5` produced by GeoVLogSvc | | `--out-file ` | | ✖ | Write a fully decrypted HDF5 copy | | `--csv ` | | ✖ | Split into per‑sensor CSV files instead of HDF5 | | `--key ` | `-k` | ✖ | Path to private key (overrides `GEOVLOG_PRIVATE_KEY`) | | `--overwrite` | | ✖ | Replace existing output files | | `--summary` | `-s` | ✖ | Print header info only (no extraction) | | `--help` | `-h` | – | Show full usage | *If neither `--out-file` nor `--csv` is specified GeoVLogReader streams a row‑wise CSV to **STDOUT**.* --- ## 3 · Prerequisites | Component | Version | Notes | |-----------|---------|-------| | **.NET Runtime** | ≥ 8.0 | Bundled with release; no install needed on most PCs | | **OpenSSL** | ≥ 1.1 | Only for key‑pair generation / rotation (office side) | | **H5Z‑AES** | ≥ 0.3 | DLL included; loader uses `HDF5_PLUGIN_PATH` | --- ## 4 · Typical workflow 1. **Flight ends** → copy encrypted logs to ground PC. 2. Run ```powershell GeoVLogReader -i E:\Flights‚50521_09_GeoVLog.h5 ` --out-file D:\Survey09_plain.h5 ``` 3. Analyse in Python ```python import h5py, pandas as pd with h5py.File("Survey09_plain.h5") as f: df = pd.DataFrame(f["/measurements"][:]) ``` --- ## 5 · Building from source ```powershell git clone https://yourrepo/GeoVLog.git cd GeoVLog/src/GeoVLogReader dotnet build -c Release # Publish single‑file, self‑contained binary dotnet publish -c Release -r win-x64 ` /p:PublishSingleFile=true /p:PublishTrimmed=true ``` --- ## 6 · Key management | Item | Stored where | Purpose | |------|--------------|---------| | **Public key** (embedded) | Aircraft EXE | Wrap file AES keys (not secret) | | **Private key** (`GeoVLogPrivate.pem`) | Analyst PC + offline vault | Unwrap AES keys; keep secure | | `GEOVLOG_PRIVATE_KEY` env var | Analyst profile or CI secret store | Path override for automated runs | **Rotation** 1. Generate new RSA pair. 2. Embed new *public* key in GeoVLogSvc, re‑sign, redeploy. 3. Retain old private keys to read historic files. --- ## 7 · Troubleshooting | Symptom | Possible causes | |---------|-----------------| | `ERROR: key unwrap failed` | Wrong private key or file logged with newer key pair | | `Cannot load H5Z-AES filter` | `HDF5_PLUGIN_PATH` not set or DLL missing | | `Access denied` opening key | File ACL blocks current user or bad key path | Use `--summary` to validate header and key fingerprint. --- ## 8 · Tests ```powershell dotnet test ..\.. ests\GeoVLog.Tests --filter Category=Reader ``` Unit tests cover header auth, AES‑GCM tag verify, and CSV round‑trip. --- ## 9 · License & credits GeoVLogReader © 2025 Your Company Name – MIT license. Uses: * **System.CommandLine** (MIT) * **HDF5 & H5Z‑AES** (BSD) * **BouncyCastle** (MIT) for PEM parsing --- *Need help?* Open an issue in the **geoVlog-reader** tracker or email **support@your-company.com**.