Hard to know whether or not #216 is implemented correctly if we can't check the integrity of the log. This work should be limited to verifying log integrity: given a collection of files holding audit messages we must be able to reconstruct the hash obtained from the next audit entry produced by our YubiHSM (I can't really remember but I think the audit mechanism is on-line only). More interesting analysis can / should be left as future work.
Hard to know whether or not #216 is implemented correctly if we can't check the integrity of the log. This work should be limited to verifying log integrity: given a collection of files holding audit messages we must be able to reconstruct the hash obtained from the next audit entry produced by our YubiHSM (I can't really remember but I think the audit mechanism is on-line only). More interesting analysis can / should be left as future work.