diff --git a/man/journalctl.xml b/man/journalctl.xml
index 7a8d4b2dcc..564634b757 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -593,7 +593,10 @@
 sealing key is stored in the journal data directory and shall remain on the host. The verification key should be
- stored externally.
+ stored externally. Also see the
+ option in
+ journald.conf5
+ for details.
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index fe47fdffec..26f47f8975 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -130,9 +130,15 @@
 by journalctl1's
- command), forward secure sealing (FSS) for
- all persistent journal files is
- enabled.
+ command), forward secure sealing (FSS)
+ for all persistent journal files is
+ enabled. FSS is based on Seekable
+ Sequential Key Generators by
+ G. A. Marson and B. Poettering and
+ may be used to protect journal files
+ from unnoticed
+ alteration.
diff --git a/src/journal/fsprg.c b/src/journal/fsprg.c
index 6817a629c8..dd9a242561 100644
--- a/src/journal/fsprg.c
+++ b/src/journal/fsprg.c
@@ -19,7 +19,13 @@
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA
+ */
+
+/*
+ * See "Practical Secure Logging: Seekable Sequential Key Generators"
+ * by G. A. Marson, B. Poettering for details:
 *
+ * http://eprint.iacr.org/2013/397
 */
 #include
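Review bot: The reference added to the header comment of src/journal/fsprg.c points at the paper over plain HTTP, so a reader following it to check the construction fetches the specification over an unauthenticated channel. I would write the link as ` * https://eprint.iacr.org/2013/397`. Naming the report in the text as well, for example `(IACR ePrint 2013/397)` after the authors, would keep the citation usable if the URL ever changes. This is a comment-only suggestion; nothing in the hunk touches code.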