On Fri, Sep 28, 2012 at 4:41 AM, Bernhard M. Wiedemann <bernhardout@lsmod.de> wrote:
http://www.freedesktop.org/software/systemd/man/systemd-journald.service.htm... does not give much details, but https://plus.google.com/115547683951727699051/posts/g1E6AxVKtyc mentions a verification key that needs to be stored in a secure location... actually it is a secret key that might allow faking logs by regenerating the sealing keys from it.
It also needs to be available to journal during its whole lifetime. It's a known "chicken and egg" problem in cryptography, where only hardware (a secure token) can help, by performing all crypto inside a protected chip that self-destructs if attacked. If the system comes with a TPS module, and if journal makes use of it... maybe. Thing is, journal uses an HMAC. It's not a signature (asymmetric), in which the verification key is different from the signing key. HMACs are symmetric. With those, whoever has access to verification, can also forge. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org