[systemd-commits] man/journalctl.xml man/journald.conf.xml src/journal

Lennart Poettering lennart at kemper.freedesktop.org
Tue Jun 18 07:25:39 PDT 2013 

 man/journalctl.xml    |    5 ++++-
 man/journald.conf.xml |   12 +++++++++---
 src/journal/fsprg.c   |    6 ++++++
 3 files changed, 19 insertions(+), 4 deletions(-)

New commits:
commit fe004b7c3a8325eb8d5420c1b940a5ade2691417
Author: Lennart Poettering <lennart at poettering.net>
Date:   Tue Jun 18 16:25:11 2013 +0200

    journal: add references to SSKG paper FSS is based on

diff --git a/man/journalctl.xml b/man/journalctl.xml
index 7a8d4b2..564634b 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -593,7 +593,10 @@
                                 sealing key is stored in the journal
                                 data directory and shall remain on the
                                 host. The verification key should be
-                                stored externally.</para></listitem>
+                                stored externally. Also see the
+                                <option>Seal=</option> option in
+                                <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                                for details.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index fe47fdf..26f47f8 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -130,9 +130,15 @@
                                 by
                                 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
                                 <option>--setup-keys</option>
-                                command), forward secure sealing (FSS) for
-                                all persistent journal files is
-                                enabled.</para></listitem>
+                                command), forward secure sealing (FSS)
+                                for all persistent journal files is
+                                enabled. FSS is based on <ulink
+                                url="http://eprint.iacr.org/2013/397">Seekable
+                                Sequential Key Generators</ulink> by
+                                G. A. Marson and B. Poettering and
+                                may be used to protect journal files
+                                from unnoticed
+                                alteration.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
diff --git a/src/journal/fsprg.c b/src/journal/fsprg.c
index 6817a62..dd9a242 100644
--- a/src/journal/fsprg.c
+++ b/src/journal/fsprg.c
@@ -19,7 +19,13 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  * 02110-1301  USA
+ */
+
+/*
+ * See "Practical Secure Logging: Seekable Sequential Key Generators"
+ * by G. A. Marson, B. Poettering for details:
  *
+ * http://eprint.iacr.org/2013/397
  */
 
 #include <gcrypt.h>

More information about the systemd-commits mailing list