summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--man/journalctl.xml5
-rw-r--r--man/journald.conf.xml12
-rw-r--r--src/journal/fsprg.c6
3 files changed, 19 insertions, 4 deletions
diff --git a/man/journalctl.xml b/man/journalctl.xml
index 7a8d4b2dcc..564634b757 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -593,7 +593,10 @@
sealing key is stored in the journal
data directory and shall remain on the
host. The verification key should be
- stored externally.</para></listitem>
+ stored externally. Also see the
+ <option>Seal=</option> option in
+ <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index fe47fdffec..26f47f8975 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -130,9 +130,15 @@
by
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
<option>--setup-keys</option>
- command), forward secure sealing (FSS) for
- all persistent journal files is
- enabled.</para></listitem>
+ command), forward secure sealing (FSS)
+ for all persistent journal files is
+ enabled. FSS is based on <ulink
+ url="http://eprint.iacr.org/2013/397">Seekable
+ Sequential Key Generators</ulink> by
+ G. A. Marson and B. Poettering and
+ may be used to protect journal files
+ from unnoticed
+ alteration.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/journal/fsprg.c b/src/journal/fsprg.c
index 6817a629c8..dd9a242561 100644
--- a/src/journal/fsprg.c
+++ b/src/journal/fsprg.c
@@ -19,7 +19,13 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA
+ */
+
+/*
+ * See "Practical Secure Logging: Seekable Sequential Key Generators"
+ * by G. A. Marson, B. Poettering for details:
*
+ * http://eprint.iacr.org/2013/397
*/
#include <gcrypt.h>