X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=README.make-secnet-sites;h=c5b8360d0c8a1cdeb6ba962c5c8e704bf71b4a1c;hb=5ceef56b0c983ad69214eff94d36c94c7887d2cc;hp=579b9a56a74e33d72dd951ffc146fdb1dc7ae972;hpb=8c8578ff6ce65c8fcf609cfd171b0d9cbf93a447;p=secnet.git diff --git a/README.make-secnet-sites b/README.make-secnet-sites index 579b9a5..c5b8360 100644 --- a/README.make-secnet-sites +++ b/README.make-secnet-sites @@ -34,6 +34,42 @@ USAGE produce Secnet configuration. +OPTIONS + + --output-version NUMBER + + Write backward-compatible sites file output, + targeting a particular sites format. Values of + NUMBER that are understood are: + 1 The original format, pre signing key + negotiation. + 2 Signing key algorithm agility and negotiation. + If NUMBER is higher than make-secnet-sites supports, + it writes out what it can. + + --pubkeys-install + + Specifies that public keys are to be installed in the + live pubkeys area (and not hardcoded in secnet conf + files). With this option, generated site configs + refer to keys in PUBKEYS; also, the generated secnet + configuration enables live peer public update. + + --pubkeys-dir PUBKEYS + + Specifies the live pubkeys area pathname. + The default is /var/lib/secnet/pubkeys. + + Key files are named + PUBKEYS/peer.[~...] + mangled-peer-name is chosen by make-secnet-sites + / => , + + --debug | -D + + Increase amount of debugging output. + + INPUT SYNTAX The input files have a simple line-based syntax. Blank lines, 
@@ -179,14 +215,15 @@ INPUT SYNTAX Assigns a public-key closure to the `key' key, constructed as `rsa-public(E, N)'. The argument HUNOZ must be an integer, but is otherwise ignored; it's - conventionally the length of N in bits. Acceptable only - at site level; required at site level. + conventionally the length of N in bits. + Acceptable only at site level. See `pub'. mobile BOOL Assigns BOOL to the `mobile' key. Acceptable only at site level, but optional. Properties which can also appear in public key files. + (named by `peer-keys' key to secnet sites closure.) These are acceptable to make-secnet-sites only at site level. See also `Site long-term keys' in NOTES. @@ -194,7 +231,8 @@ INPUT SYNTAX Defines a public key. ALG is an algorithm name and DATA91S is the public key data, encoded according to secnet-base91 (see below). - Not yet suported in make-secnet-sites. + Gives make-public("ALG","DATAB91S") in sites.conf; + at least one `pub' or `pubkey' must be specified. serial SETIDHEX Specifies the key set id (8 hex digits representing
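Review bot: In the --pubkeys-dir paragraph of the OPTIONS hunk (@@ -34,6 +34,42 @@), the key file naming is underspecified. As the text appears here, the pattern `PUBKEYS/peer.[~...]` does not show where the mangled-peer-name referred to on the next line goes, and the only mangling rule given is `/ => ,`. Because the peer name becomes part of a pathname under PUBKEYS, the README should give the complete pattern and say how every other character of a peer name is treated, or state that the name syntax already excludes anything problematic. In the same hunk, --output-version does not say what is written when the option is omitted, and `enables live peer public update` under --pubkeys-install reads as if the word `key` is missing.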
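Review bot: In the `pubkey` entry of the second hunk (@@ -179,14 +215,15 @@), replacing `required at site level` with `See `pub'.` leaves the actual requirement unstated at the point where a reader of the old text would look for it. Suggest repeating the new rule here, for example `Acceptable only at site level; at least one `pub' or `pubkey' is required.`, so the two entries agree without a cross-reference. The added parenthetical `(named by `peer-keys' key to secnet sites closure.)` is also a sentence fragment sitting between two full sentences; folding it into the preceding sentence would make clear that it is the public key files that are named by `peer-keys'.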
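Review bot: In the `pub` entry of the third hunk (@@ -194,7 +231,8 @@), the added line writes the argument as `DATAB91S` in `make-public("ALG","DATAB91S")`, while the unchanged context line just above calls it `DATA91S`. One of the two spellings should be used throughout the entry. The added `at least one `pub' or `pubkey' must be specified` also does not say in what scope; since both properties are documented as site-level, suggest `for each site` if that is what is meant.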