sealing key is stored in the journal
data directory and shall remain on the
host. The verification key should be
- stored externally.</para></listitem>
+ stored externally. Also see the
+ <option>Seal=</option> option in
+ <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.</para></listitem>
</varlistentry>
<varlistentry>
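Review bot: "for details" in the added cross-reference does not tell the reader what they will find there. This paragraph is about where the sealing key and the verification key are kept, while the reference points at the Seal= option, whose text in this same patch describes when sealing is enabled. Consider naming the topic, for example "See the Seal= option in journald.conf(5) for how sealing is enabled."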
by
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
<option>--setup-keys</option>
- command), forward secure sealing (FSS) for
- all persistent journal files is
- enabled.</para></listitem>
+ command), forward secure sealing (FSS)
+ for all persistent journal files is
+ enabled. FSS is based on <ulink
+ url="http://eprint.iacr.org/2013/397">Seekable
+ Sequential Key Generators</ulink> by
+ G. A. Marson and B. Poettering and
+ may be used to protect journal files
+ from unnoticed
+ alteration.</para></listitem>
</varlistentry>
<varlistentry>
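Review bot: the added sentence ending in "protect journal files from unnoticed alteration" does not say how an alteration gets noticed. The entry already refers to journalctl(1) for --setup-keys, so it could also point at the verification step there (--verify with the externally stored verification key), which keeps readers from assuming that sealing alone reports tampering. The ulink could also use an https:// URL.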
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA
+ */
+
+/*
+ * See "Practical Secure Logging: Seekable Sequential Key Generators"
+ * by G. A. Marson, B. Poettering for details:
*
+ * http://eprint.iacr.org/2013/397
*/
#include <gcrypt.h>
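Review bot: the paper is cited here as "Practical Secure Logging: Seekable Sequential Key Generators", while the journald.conf text in this patch cites it as "Seekable Sequential Key Generators"; use the same title in both places. The new comment block also sits between the license header and the first #include with no statement of what in this file follows the paper, so a one-line summary (which routines implement the key generator) would make the reference more useful to someone auditing the code.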