profile.d/*: Base configuration files.

[distorted-keys] / profile.d / 00base

;;; -*-conf-*-
;;;
;;; Basic profile configuration for key management
;;;
;;; (c) 2011 Mark Wooding
;;;

;;;----- Licensing notice ---------------------------------------------------
;;;
;;; This file is part of the distorted.org.uk key management suite.
;;;
;;; distorted-keys is free software; you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 2 of the License, or
;;; (at your option) any later version.
;;;
;;; distorted-keys is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with distorted-keys; if not, write to the Free Software Foundation,
;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

;;;--------------------------------------------------------------------------
;;; Profile syntax.
;;;
;;; The configuration file is divided into sections, each beginning with a
;;; header enclosed in square brackets.  Within a section, lines of the form
;;;
;;;     NAME = VALUE
;;;
;;; define properties within that section.  Property names may consist of
;;; alphanumeric characters, hyphens `-', underscores `_', and percent signs
;;; `%'; hyphens and underscores are equivalent.  Several section headers may
;;; use the same name: this is entirely equivalent to a single section
;;; containing the same definitions in the same order.  If two definitions in
;;; the same section have the same property name, the earlier definition is
;;; silently ignored.  Properties whose names contain percent signs are
;;; used internally only, and not emitted.
;;;
;;; There are special pseudoproperties whose names begin with `@'.
;;; Currently, the only pseudoproperty defined is `@include'.  The value is a
;;; list of section names separated by whitespace: the named sections are
;;; `directly included'; a section includes directly included sections, and
;;; sections included by directly included sections.  It is an error for a
;;; section to include itself.  If a property is defined in an included
;;; section, but not in the including section, then the property is added to
;;; (`inherited by') the including section.  The property's value is
;;; determined as follows.  A `candidate definition' for the property is a
;;; definition in a section S such that no section which includes S contains
;;; a definition for the property.  It is an error for two candidate
;;; definitions to provide different values for the property; otherwise, the
;;; inherited value is the common value of the candidate definitions.
;;;
;;; Property definitions before the first section heading are placed in the
;;; special section `@GLOBAL', which is implicitly included in every other
;;; section.
;;;
;;; Property values (but not pseudoproperties) may contain substitution
;;; placeholders of the form $NAME or ${NAME}, which are replaced by the
;;; value of the (possibly inherited) property NAME.  It is an error if there
;;; is no definition for the property.  Substitution placeholders in the
;;; replacement value are also expanded, recursively; the search begins
;;; relative to the original section.  (There is not a well-defined
;;; containing section for the replacement property.)  References to the
;;; special property name `@name' is replaced by the name of the section.

;;;--------------------------------------------------------------------------
;;; Structure and conventions.
;;;
;;; It's probably best if you don't edit this file.  Instead, install it as
;;; `00base' in the system profiles directory, and apply your local
;;; customizations in separate files.  The numbers on the front of the
;;; filenames ensure that they're read in the right order.  The first digit
;;; describes the source of the configuration:
;;;
;;; 0                   Global defaults.  The configuration files distributed
;;;                     with distorted-keys go here.  So should the default
;;;                     profiles for any other key types and client packages.
;;;
;;; 1--4                Overrides for operating system vendors, packagers,
;;;                     etc.
;;;
;;; 5--8                Overrides for organizational and site-specific
;;;                     configuration.
;;;
;;; 9                   Host-specific overrides.
;;;
;;; Section names beginning with `%' are not intended to be used directly,
;;; but included into other sections.
;;;
;;; Each key type KTYPE should define two or three sections:
;;;
;;; %KTYPE              Basic configuration common to all uses of the key
;;;                     type.  All profiles using the key type should include
;;;                     this section.  The `type' property should be defined
;;;                     appropriately.  The settings should be suitable for
;;;                     general use by a technically able user who is not a
;;;                     cryptography expert, and should aim to provide at
;;;                     least a 128-bit security level.
;;;
;;; %KTYPE-infra        Additional configuration for use as an infrastructure
;;;                     key (e.g., a keeper, recovery, or archive key).  If
;;;                     the key type is not suitable for use as an
;;;                     infrastructure key, don't define this section at
;;;                     all.
;;;
;;; KTYPE               Additional configuration for use as a user key.  In
;;;                     particular, this should include either `%symmetric'
;;;                     or `%asymmetric' as appropriate, in order to make
;;;                     available appropriate default ACLs.  Typically, no
;;;                     other settings will be needed.
;;;
;;; Other section names beginning `KTYPE-' or `%KTYPE-' are reserved for the
;;; the use of the key type.

;;;--------------------------------------------------------------------------
;;; Common settings.

;; Random bit source, for generating nubs and similar.
random = random

;; Nub generation parameters.  Note that the specifics of nub generation are
;; key-type specific.
nub-hash = sha384
nub-random-bytes = 512

;; Hash function for computing nub hashes.
nubid-hash = sha256

;;;--------------------------------------------------------------------------
;;; Common policy for user keys.
;;;
;;; All key-type profiles for user keys should include one of the following
;;; sections.
;;;
;;; %asymmetric-secrecy i.e., public-key encryption and decryption.
;;;
;;; %asymmetric-integrity i.e., issuing and verifying digital signatures.
;;;
;;; %symmetric-secrecy  i.e., standard symmetric encryption and decryption.
;;;
;;; %symmetric-integrity i.e., generating and verifyng message authentication
;;;                     code tags.
;;;
;;; Each of these includes one or other of `%asymmetric' or `%symmetric', and
;;; one or other of `%secrecy' or `%integrity'.  Both of these include
;;; `%common', which may therefore contain policy for all user keys.
;;;
;;; The `acl-ACTION' properties define access-control lists for various
;;; ACTIONs.  An ACL consists of a sequence of entries separated by spaces.
;;; An ACL entry has the form
;;;
;;;     [-]PATTERN
;;;
;;; where PATTERN may be one of the following.
;;;
;;; !owner              The owner of the key, i.e., the user who created it.
;;;
;;; %GROUP              Any member of a group whose name or gid matches the
;;;                     glob pattern GROUP.
;;;
;;; USER                A user whose name or uid matches the glob pattern
;;;                     USER.
;;;
;;; An entry usually grants permission to a user who matches its pattern; if
;;; prefixed by a `-', the entry denies permission instead.  Entries are
;;; checked in order, left to right; only the first match is significant.  If
;;; no matching entries are found then access is denied.
;;;
;;; ACTIONs currently defined are `encrypt', `decrypt', `sign', `verify', and
;;; `info', corresponding to the like-named `cryptop' commands.  Others may
;;; be defined later, but their names won't contain `%' signs.  The default
;;; ACLs are defined in terms of the following internal properties.
;;;
;;; acl-%none           No access at all, for inapplicable operations.
;;;
;;; acl-%private        Access should always be limited to authorized users.
;;;
;;; acl-%public         Access may be granted more widely for asymmetric key
;;;                     types.
;;;
;;; Other useful properties are as follows.
;;;
;;; recovery            A list of recovery keys with which encrypted copies
;;;                     of the key nub should be made.  The default is to
;;;                     make no recovery copies, because this configuration
;;;                     has no idea which recovery key to use; however, I
;;;                     /stongly/ recommend that all user keys used for
;;;                     secrecy be recoverable.

[%common]

;; ACL principal names.
acl-%private = !owner
acl-%none = -*

;; Default ACLs.
acl-info = $acl-%private
acl-encrypt = $acl-%none
acl-decrypt = $acl-%none
acl-sign = $acl-%none
acl-verify = $acl-%none

[%symmetric]
@include = %common
acl-%public = $acl-%private

[%asymmetric]
@include = %common
acl-%public = *

[%secrecy]
@include = %common
acl-encrypt = $acl-%public
acl-decrypt = $acl-%private

[%integrity]
@include = %common
acl-sign = $acl-%private
acl-verify = $acl-%public

[%asymmetric-secrecy]
@include = %asymmetric %integrity

[%asymmetric-integrity]
@include = %asymmetric %integrity

[%symmetric-secrecy]
@include = %symmetric %integrity

[%symmetric-integrity]
@include = %symmetric %integrity

;;;----- That's all, folks --------------------------------------------------