-rw-r--r-- | man/journalctl.xml | 5 | ||||
-rw-r--r-- | man/journald.conf.xml | 12 | ||||
-rw-r--r-- | src/journal/fsprg.c | 6 |
3 files changed, 19 insertions, 4 deletions
diff --git a/man/journalctl.xml b/man/journalctl.xml index 7a8d4b2dcc..564634b757 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -593,7 +593,10 @@ sealing key is stored in the journal data directory and shall remain on the host. The verification key should be - stored externally.</para></listitem> + stored externally. Also see the + <option>Seal=</option> option in + <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details.</para></listitem> </varlistentry> <varlistentry> diff --git a/man/journald.conf.xml b/man/journald.conf.xml index fe47fdffec..26f47f8975 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -130,9 +130,15 @@ by <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s <option>--setup-keys</option> - command), forward secure sealing (FSS) for - all persistent journal files is - enabled.</para></listitem> + command), forward secure sealing (FSS) + for all persistent journal files is + enabled. FSS is based on <ulink + url="http://eprint.iacr.org/2013/397">Seekable + Sequential Key Generators</ulink> by + G. A. Marson and B. Poettering and + may be used to protect journal files + from unnoticed + alteration.</para></listitem> </varlistentry> <varlistentry> diff --git a/src/journal/fsprg.c b/src/journal/fsprg.c index 6817a629c8..dd9a242561 100644 --- a/src/journal/fsprg.c +++ b/src/journal/fsprg.c @@ -19,7 +19,13 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301 USA + */ + +/* + * See "Practical Secure Logging: Seekable Sequential Key Generators" + * by G. A. Marson, B. Poettering for details: * + * http://eprint.iacr.org/2013/397 */ #include <gcrypt.h> |
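Review bot: The comment block added before `#include <gcrypt.h>` in src/journal/fsprg.c cites the paper over plain `http://` and says "for details" without naming what in this file the paper describes. Anyone auditing the sealing code will follow this link, so an integrity-protected one is preferable: `* https://eprint.iacr.org/2013/397`. I would also open the comment with one sentence saying what the file implements, presumably the key generator behind forward secure sealing, going by the journald.conf.xml change in this commit. The same `http://` URL is used in the `<ulink>` added to man/journald.conf.xml.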