X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=README.make-secnet-sites;h=aa4b216d2f580f96f7dc8047bbc0bce7bc69b6cd;hb=8c63c56d1a1be0d95f75044184bcd17b7b16d7c3;hp=71a0e0f1e9c58a076b4c06bb0e7967762487467e;hpb=c39f04317c5f7fe2bbb305bcebdc965d0c1a2da2;p=secnet.git diff --git a/README.make-secnet-sites b/README.make-secnet-sites index 71a0e0f..aa4b216 100644 --- a/README.make-secnet-sites +++ b/README.make-secnet-sites @@ -43,9 +43,43 @@ OPTIONS NUMBER that are understood are: 1 The original format, pre signing key negotiation. + 2 Signing key algorithm agility and negotiation. If NUMBER is higher than make-secnet-sites supports, it writes out what it can. + --pubkeys-install + + Specifies that public keys are to be installed in the + live pubkeys area (and not hardcoded in secnet conf + files). With this option, generated site configs + refer to keys in PUBKEYS; also, the generated secnet + configuration enables live peer public update. + + --pubkeys-single + + Specifies that one public key per site is to be + written directly into the sites.conf output. If + --output-version=1, this is the rsa1 key 0000000000. + Otherwise it is an error if there are multiple public + keys defined for any site, in the input. + --pubkeys-single is the default. + + --pubkeys-elide + + In the sites.conf output, just write the peer-keys + entry referring to keys in PUBKEYS. But do not write + public keys anywhere. + + --pubkeys-dir PUBKEYS + + Specifies the live pubkeys area pathname. + The default is /var/lib/secnet/pubkeys. + + Key files are named + PUBKEYS/peer.[~...] + mangled-peer-name is chosen by make-secnet-sites + / => , + --debug | -D Increase amount of debugging output. 
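Review bot: the key-file naming paragraph at the end of the new --pubkeys-dir entry is unfinished: `PUBKEYS/peer.[~...]` leaves the suffix elided, `mangled-peer-name` is mentioned without being tied to that pattern, and the mangling table stops after `/ => ,`. Because --pubkeys-install makes the generated configuration pick peers' keys up from PUBKEYS at run time, an operator needs to be able to predict exactly which file corresponds to which peer, so spell out the complete filename pattern, every character that gets mangled and what happens if two peer names mangle to the same file. Two smaller points in the same hunk: the --pubkeys-install / --pubkeys-single / --pubkeys-elide entries never say whether they are mutually exclusive or which wins when more than one is given, and "enables live peer public update" is missing the word "key".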
@@ -196,8 +230,8 @@ INPUT SYNTAX Assigns a public-key closure to the `key' key, constructed as `rsa-public(E, N)'. The argument HUNOZ must be an integer, but is otherwise ignored; it's - conventionally the length of N in bits. Acceptable only - at site level; required at site level. + conventionally the length of N in bits. + Acceptable only at site level. See `pub'. mobile BOOL Assigns BOOL to the `mobile' key. Acceptable only at @@ -212,13 +246,13 @@ INPUT SYNTAX Defines a public key. ALG is an algorithm name and DATA91S is the public key data, encoded according to secnet-base91 (see below). - Not yet suported in make-secnet-sites. + Gives make-public("ALG","DATAB91S") in sites.conf; + at least one `pub' or `pubkey' must be specified. serial SETIDHEX Specifies the key set id (8 hex digits representing 4 bytes: each pair is the value of the next byte). May appear at most once. If not present, 00000000. - Not yet suported in make-secnet-sites. pkg GROUPIDHEX pkgf GROUPIDHEX @@ -226,7 +260,6 @@ INPUT SYNTAX pkgf indicates a fallback group. May be repeated (with different id values). If not specified, 00000000. - Not yet suported in make-secnet-sites. OUTPUT STRUCTURE
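Review bot: on the `pubkey' hunk (@@ -196,8 +230,8 @@), dropping "required at site level" is right now that the one-of rule lives under `pub', but the entry should also say how a `pubkey' line counts toward that rule: is it treated as the rsa1 key 0000000000 referred to under --pubkeys-single, and may it be combined with `pub' lines for the same site? "See `pub'." alone does not answer that.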
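Review bot: in the `pub' hunk (@@ -212,13 +246,13 @@), the argument is introduced as DATA91S on the synopsis line but the new sentence writes make-public("ALG","DATAB91S"); pick one spelling. Say also whether ALG is validated against the algorithms the selected --output-version understands or passed through verbatim; the NUMBER section only covers unsupported version numbers, not unknown algorithm names. For `serial', the hunk removes the "Not yet suported" caveat but, unlike `pub', adds no sentence saying what make-secnet-sites now emits for the key set id or how it interacts with the --pubkeys-* options; add one.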
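Review bot: the pkg/pkgf hunk (@@ -226,7 +260,6 @@) has the same gap: removing "Not yet suported" tells the reader the options are now handled but not how. State where the group ids appear in the output, how a pkgf fallback group is distinguished from a pkg group there, and whether multiple groups per site are accepted under --pubkeys-single, which the OPTIONS text says errors on multiple public keys for a site.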