[distorted-keys] / profile.d / 00base

;;; -*-conf-*-
;;;
;;; Basic profile configuration for key management
;;;
;;; (c) 2011 Mark Wooding
;;;

;;;----- Licensing notice ---------------------------------------------------
;;;
;;; This file is part of the distorted.org.uk key management suite.
;;;
;;; distorted-keys is free software; you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 2 of the License, or
;;; (at your option) any later version.
;;;
;;; distorted-keys is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with distorted-keys; if not, write to the Free Software Foundation,
;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

;;;--------------------------------------------------------------------------
;;; Profile syntax.
;;;
;;; The configuration file is divided into sections, each beginning with a
;;; header enclosed in square brackets.  Within a section, lines of the form
;;;
;;;	NAME = VALUE
;;;
;;; define properties within that section.  Property names may consist of
;;; alphanumeric characters, hyphens `-', underscores `_', and percent signs
;;; `%'; hyphens and underscores are equivalent.  Several section headers may
;;; use the same name: this is entirely equivalent to a single section
;;; containing the same definitions in the same order.  If two definitions in
;;; the same section have the same property name, the earlier definition is
;;; silently ignored.  Properties whose names contain percent signs are
;;; used internally only, and not emitted.
;;;
;;; There are special pseudoproperties whose names begin with `@'.
;;; Currently, the only pseudoproperty defined is `@include'.  The value is a
;;; list of section names separated by whitespace: the named sections are
;;; `directly included'; a section includes directly included sections, and
;;; sections included by directly included sections.  It is an error for a
;;; section to include itself.  If a property is defined in an included
;;; section, but not in the including section, then the property is added to
;;; (`inherited by') the including section.  The property's value is
;;; determined as follows.  A `candidate definition' for the property is a
;;; definition in a section S such that no section which includes S contains
;;; a definition for the property.  It is an error for two candidate
;;; definitions to provide different values for the property; otherwise, the
;;; inherited value is the common value of the candidate definitions.
;;;
;;; Property definitions before the first section heading are placed in the
;;; special section `@GLOBAL', which is implicitly included in every other
;;; section.
;;;
;;; Property values (but not pseudoproperties) may contain substitution
;;; placeholders of the form $NAME or ${NAME}, which are replaced by the
;;; value of the (possibly inherited) property NAME.  It is an error if there
;;; is no definition for the property.  Substitution placeholders in the
;;; replacement value are also expanded, recursively; the search begins
;;; relative to the original section.  (There is not a well-defined
;;; containing section for the replacement property.)  References to the
;;; special property name `@name' is replaced by the name of the section.

;;;--------------------------------------------------------------------------
;;; Structure and conventions.
;;;
;;; It's probably best if you don't edit this file.  Instead, install it as
;;; `00base' in the system profiles directory, and apply your local
;;; customizations in separate files.  The numbers on the front of the
;;; filenames ensure that they're read in the right order.  The first digit
;;; describes the source of the configuration:
;;;
;;; 0			Global defaults.  The configuration files distributed
;;;			with distorted-keys go here.  So should the default
;;;			profiles for any other key types and client packages.
;;;
;;; 1--4		Overrides for operating system vendors, packagers,
;;;			etc.
;;;
;;; 5--8		Overrides for organizational and site-specific
;;;			configuration.
;;;
;;; 9			Host-specific overrides.
;;;
;;; Section names beginning with `%' are not intended to be used directly,
;;; but included into other sections.
;;;
;;; Each key type KTYPE should define two or three sections:
;;;
;;; %KTYPE		Basic configuration common to all uses of the key
;;;			type.  All profiles using the key type should include
;;;			this section.  The `type' property should be defined
;;;			appropriately.  The settings should be suitable for
;;;			general use by a technically able user who is not a
;;;			cryptography expert, and should aim to provide at
;;;			least a 128-bit security level.
;;;
;;; %KTYPE-infra	Additional configuration for use as an infrastructure
;;;			key (e.g., a keeper, recovery, or archive key).  If
;;;			the key type is not suitable for use as an
;;;			infrastructure key, don't define this section at
;;;			all.
;;;
;;; KTYPE		Additional configuration for use as a user key.  In
;;;			particular, this should include either `%symmetric'
;;;			or `%asymmetric' as appropriate, in order to make
;;;			available appropriate default ACLs.  Typically, no
;;;			other settings will be needed.
;;;
;;; Other section names beginning `KTYPE-' or `%KTYPE-' are reserved for the
;;; the use of the key type.

;;;--------------------------------------------------------------------------
;;; Common settings.

;; Random bit source, for generating nubs and similar.
random = random

;; Nub generation parameters.  Note that the specifics of nub generation are
;; key-type specific.
nub-hash = sha384
nub-random-bytes = 512

;; Hash function for computing nub hashes.
nubid-hash = sha256

;;;--------------------------------------------------------------------------
;;; Common policy for user keys.
;;;
;;; All key-type profiles for user keys should include one of the following
;;; sections.
;;;
;;; %asymmetric-secrecy	i.e., public-key encryption and decryption.
;;;
;;; %asymmetric-integrity i.e., issuing and verifying digital signatures.
;;;
;;; %symmetric-secrecy	i.e., standard symmetric encryption and decryption.
;;;
;;; %symmetric-integrity i.e., generating and verifyng message authentication
;;;			code tags.
;;;
;;; Each of these includes one or other of `%asymmetric' or `%symmetric', and
;;; one or other of `%secrecy' or `%integrity'.  Both of these include
;;; `%common', which may therefore contain policy for all user keys.
;;;
;;; The `acl-ACTION' properties define access-control lists for various
;;; ACTIONs.  An ACL consists of a sequence of entries separated by spaces.
;;; An ACL entry has the form
;;;
;;;	[-]PATTERN
;;;
;;; where PATTERN may be one of the following.
;;;
;;; !owner		The owner of the key, i.e., the user who created it.
;;;
;;; %GROUP		Any member of a group whose name or gid matches the
;;;			glob pattern GROUP.
;;;
;;; USER		A user whose name or uid matches the glob pattern
;;;			USER.
;;;
;;; An entry usually grants permission to a user who matches its pattern; if
;;; prefixed by a `-', the entry denies permission instead.  Entries are
;;; checked in order, left to right; only the first match is significant.  If
;;; no matching entries are found then access is denied.
;;;
;;; ACTIONs currently defined are `encrypt', `decrypt', `sign', `verify', and
;;; `info', corresponding to the like-named `cryptop' commands.  Others may
;;; be defined later, but their names won't contain `%' signs.  The default
;;; ACLs are defined in terms of the following internal properties.
;;;
;;; acl-%none		No access at all, for inapplicable operations.
;;;
;;; acl-%private	Access should always be limited to authorized users.
;;;
;;; acl-%public		Access may be granted more widely for asymmetric key
;;;			types.
;;;
;;; Other useful properties are as follows.
;;;
;;; recovery		A list of recovery keys with which encrypted copies
;;;			of the key nub should be made.  The default is to
;;;			make no recovery copies, because this configuration
;;;			has no idea which recovery key to use; however, I
;;;			/stongly/ recommend that all user keys used for
;;;			secrecy be recoverable.

[%common]

;; ACL principal names.
acl-%private = !owner
acl-%none = -*

;; Default ACLs.
acl-info = $acl-%private
acl-encrypt = $acl-%none
acl-decrypt = $acl-%none
acl-sign = $acl-%none
acl-verify = $acl-%none

[%symmetric]
@include = %common
acl-%public = $acl-%private

[%asymmetric]
@include = %common
acl-%public = *

[%secrecy]
@include = %common
acl-encrypt = $acl-%public
acl-decrypt = $acl-%private

[%integrity]
@include = %common
acl-sign = $acl-%private
acl-verify = $acl-%public

[%asymmetric-secrecy]
@include = %asymmetric %integrity

[%asymmetric-integrity]
@include = %asymmetric %integrity

[%symmetric-secrecy]
@include = %symmetric %integrity

[%symmetric-integrity]
@include = %symmetric %integrity

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
c0979a8f MW	1	;;; --conf--
	2	;;;
	3	;;; Basic profile configuration for key management
	4	;;;
	5	;;; (c) 2011 Mark Wooding
	6	;;;
	7
	8	;;;----- Licensing notice ---------------------------------------------------
	9	;;;
	10	;;; This file is part of the distorted.org.uk key management suite.
	11	;;;
	12	;;; distorted-keys is free software; you can redistribute it and/or modify
	13	;;; it under the terms of the GNU General Public License as published by
	14	;;; the Free Software Foundation; either version 2 of the License, or
	15	;;; (at your option) any later version.
	16	;;;
	17	;;; distorted-keys is distributed in the hope that it will be useful,
	18	;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	;;; GNU General Public License for more details.
	21	;;;
	22	;;; You should have received a copy of the GNU General Public License
	23	;;; along with distorted-keys; if not, write to the Free Software Foundation,
	24	;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25
	26	;;;--------------------------------------------------------------------------
	27	;;; Profile syntax.
	28	;;;
	29	;;; The configuration file is divided into sections, each beginning with a
	30	;;; header enclosed in square brackets. Within a section, lines of the form
	31	;;;
	32	;;; NAME = VALUE
	33	;;;
	34	;;; define properties within that section. Property names may consist of
	35	;;; alphanumeric characters, hyphens `-', underscores `_', and percent signs
	36	;;; `%'; hyphens and underscores are equivalent. Several section headers may
	37	;;; use the same name: this is entirely equivalent to a single section
	38	;;; containing the same definitions in the same order. If two definitions in
	39	;;; the same section have the same property name, the earlier definition is
	40	;;; silently ignored. Properties whose names contain percent signs are
	41	;;; used internally only, and not emitted.
	42	;;;
	43	;;; There are special pseudoproperties whose names begin with `@'.
	44	;;; Currently, the only pseudoproperty defined is `@include'. The value is a
	45	;;; list of section names separated by whitespace: the named sections are
	46	;;; `directly included'; a section includes directly included sections, and
	47	;;; sections included by directly included sections. It is an error for a
	48	;;; section to include itself. If a property is defined in an included
	49	;;; section, but not in the including section, then the property is added to
	50	;;; (`inherited by') the including section. The property's value is
	51	;;; determined as follows. A `candidate definition' for the property is a
	52	;;; definition in a section S such that no section which includes S contains
	53	;;; a definition for the property. It is an error for two candidate
	54	;;; definitions to provide different values for the property; otherwise, the
	55	;;; inherited value is the common value of the candidate definitions.
	56	;;;
	57	;;; Property definitions before the first section heading are placed in the
	58	;;; special section `@GLOBAL', which is implicitly included in every other
	59	;;; section.
	60	;;;
	61	;;; Property values (but not pseudoproperties) may contain substitution
	62	;;; placeholders of the form $NAME or ${NAME}, which are replaced by the
	63	;;; value of the (possibly inherited) property NAME. It is an error if there
	64	;;; is no definition for the property. Substitution placeholders in the
65	;;; replacement value are also expanded, recursively; the search begins
66	;;; relative to the original section. (There is not a well-defined
67	;;; containing section for the replacement property.) References to the
68	;;; special property name `@name' is replaced by the name of the section.
69
70	;;;--------------------------------------------------------------------------
71	;;; Structure and conventions.
72	;;;
73	;;; It's probably best if you don't edit this file. Instead, install it as
74	;;; `00base' in the system profiles directory, and apply your local
75	;;; customizations in separate files. The numbers on the front of the
76	;;; filenames ensure that they're read in the right order. The first digit
77	;;; describes the source of the configuration:
78	;;;
79	;;; 0 Global defaults. The configuration files distributed
80	;;; with distorted-keys go here. So should the default
81	;;; profiles for any other key types and client packages.
82	;;;
83	;;; 1--4 Overrides for operating system vendors, packagers,
84	;;; etc.
85	;;;
86	;;; 5--8 Overrides for organizational and site-specific
87	;;; configuration.
88	;;;
89	;;; 9 Host-specific overrides.
90	;;;
91	;;; Section names beginning with `%' are not intended to be used directly,
92	;;; but included into other sections.
93	;;;
94	;;; Each key type KTYPE should define two or three sections:
95	;;;
96	;;; %KTYPE Basic configuration common to all uses of the key
97	;;; type. All profiles using the key type should include
98	;;; this section. The `type' property should be defined
99	;;; appropriately. The settings should be suitable for
100	;;; general use by a technically able user who is not a
101	;;; cryptography expert, and should aim to provide at
102	;;; least a 128-bit security level.
103	;;;
104	;;; %KTYPE-infra Additional configuration for use as an infrastructure
105	;;; key (e.g., a keeper, recovery, or archive key). If
106	;;; the key type is not suitable for use as an
107	;;; infrastructure key, don't define this section at
108	;;; all.
109	;;;
110	;;; KTYPE Additional configuration for use as a user key. In
111	;;; particular, this should include either `%symmetric'
112	;;; or `%asymmetric' as appropriate, in order to make
113	;;; available appropriate default ACLs. Typically, no
114	;;; other settings will be needed.
115	;;;
116	;;; Other section names beginning `KTYPE-' or `%KTYPE-' are reserved for the
117	;;; the use of the key type.
118
119	;;;--------------------------------------------------------------------------
120	;;; Common settings.
121
122	;; Random bit source, for generating nubs and similar.
123	random = random
124
125	;; Nub generation parameters. Note that the specifics of nub generation are
126	;; key-type specific.
127	nub-hash = sha384
128	nub-random-bytes = 512
129
130	;; Hash function for computing nub hashes.
131	nubid-hash = sha256
132
133	;;;--------------------------------------------------------------------------
134	;;; Common policy for user keys.
135	;;;
136	;;; All key-type profiles for user keys should include one of the following
137	;;; sections.
138	;;;
139	;;; %asymmetric-secrecy i.e., public-key encryption and decryption.
140	;;;
141	;;; %asymmetric-integrity i.e., issuing and verifying digital signatures.
142	;;;
143	;;; %symmetric-secrecy i.e., standard symmetric encryption and decryption.
144	;;;
145	;;; %symmetric-integrity i.e., generating and verifyng message authentication
146	;;; code tags.
147	;;;
148	;;; Each of these includes one or other of `%asymmetric' or `%symmetric', and
149	;;; one or other of `%secrecy' or `%integrity'. Both of these include
150	;;; `%common', which may therefore contain policy for all user keys.
151	;;;
152	;;; The `acl-ACTION' properties define access-control lists for various
153	;;; ACTIONs. An ACL consists of a sequence of entries separated by spaces.
154	;;; An ACL entry has the form
155	;;;
156	;;; [-]PATTERN
157	;;;
158	;;; where PATTERN may be one of the following.
159	;;;
160	;;; !owner The owner of the key, i.e., the user who created it.
161	;;;
162	;;; %GROUP Any member of a group whose name or gid matches the
163	;;; glob pattern GROUP.
164	;;;
165	;;; USER A user whose name or uid matches the glob pattern
166	;;; USER.
167	;;;
168	;;; An entry usually grants permission to a user who matches its pattern; if
169	;;; prefixed by a `-', the entry denies permission instead. Entries are
170	;;; checked in order, left to right; only the first match is significant. If
171	;;; no matching entries are found then access is denied.
172	;;;
173	;;; ACTIONs currently defined are `encrypt', `decrypt', `sign', `verify', and
174	;;; `info', corresponding to the like-named `cryptop' commands. Others may
175	;;; be defined later, but their names won't contain `%' signs. The default
176	;;; ACLs are defined in terms of the following internal properties.
177	;;;
178	;;; acl-%none No access at all, for inapplicable operations.
179	;;;
180	;;; acl-%private Access should always be limited to authorized users.
181	;;;
182	;;; acl-%public Access may be granted more widely for asymmetric key
183	;;; types.
184	;;;
185	;;; Other useful properties are as follows.
186	;;;
187	;;; recovery A list of recovery keys with which encrypted copies
188	;;; of the key nub should be made. The default is to
189	;;; make no recovery copies, because this configuration
190	;;; has no idea which recovery key to use; however, I
191	;;; /stongly/ recommend that all user keys used for
192	;;; secrecy be recoverable.
193
194	[%common]
195
196	;; ACL principal names.
197	acl-%private = !owner
198	acl-%none = -*
199
200	;; Default ACLs.
201	acl-info = $acl-%private
202	acl-encrypt = $acl-%none
203	acl-decrypt = $acl-%none
204	acl-sign = $acl-%none
205	acl-verify = $acl-%none
206
207	[%symmetric]
208	@include = %common
209	acl-%public = $acl-%private
210
211	[%asymmetric]
212	@include = %common
213	acl-%public = *
214
215	[%secrecy]
216	@include = %common
217	acl-encrypt = $acl-%public
218	acl-decrypt = $acl-%private
219
220	[%integrity]
221	@include = %common
222	acl-sign = $acl-%private
223	acl-verify = $acl-%public
224
225	[%asymmetric-secrecy]
226	@include = %asymmetric %integrity
227
228	[%asymmetric-integrity]
229	@include = %asymmetric %integrity
230
231	[%symmetric-secrecy]
232	@include = %symmetric %integrity
233
234	[%symmetric-integrity]
235	@include = %symmetric %integrity
236
237	;;;----- That's all, folks --------------------------------------------------