+;;; -*-conf-*-
+;;;
+;;; Basic profile configuration for key management
+;;;
+;;; (c) 2011 Mark Wooding
+;;;
+
+;;;----- Licensing notice ---------------------------------------------------
+;;;
+;;; This file is part of the distorted.org.uk key management suite.
+;;;
+;;; distorted-keys is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 2 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; distorted-keys is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with distorted-keys; if not, write to the Free Software Foundation,
+;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+;;;--------------------------------------------------------------------------
+;;; Profile syntax.
+;;;
+;;; The configuration file is divided into sections, each beginning with a
+;;; header enclosed in square brackets. Within a section, lines of the form
+;;;
+;;; NAME = VALUE
+;;;
+;;; define properties within that section. Property names may consist of
+;;; alphanumeric characters, hyphens `-', underscores `_', and percent signs
+;;; `%'; hyphens and underscores are equivalent. Several section headers may
+;;; use the same name: this is entirely equivalent to a single section
+;;; containing the same definitions in the same order. If two definitions in
+;;; the same section have the same property name, the earlier definition is
+;;; silently ignored. Properties whose names contain percent signs are
+;;; used internally only, and not emitted.
+;;;
+;;; There are special pseudoproperties whose names begin with `@'.
+;;; Currently, the only pseudoproperty defined is `@include'. The value is a
+;;; list of section names separated by whitespace: the named sections are
+;;; `directly included'; a section includes directly included sections, and
+;;; sections included by directly included sections. It is an error for a
+;;; section to include itself. If a property is defined in an included
+;;; section, but not in the including section, then the property is added to
+;;; (`inherited by') the including section. The property's value is
+;;; determined as follows. A `candidate definition' for the property is a
+;;; definition in a section S such that no section which includes S contains
+;;; a definition for the property. It is an error for two candidate
+;;; definitions to provide different values for the property; otherwise, the
+;;; inherited value is the common value of the candidate definitions.
+;;;
+;;; Property definitions before the first section heading are placed in the
+;;; special section `@GLOBAL', which is implicitly included in every other
+;;; section.
+;;;
+;;; Property values (but not pseudoproperties) may contain substitution
+;;; placeholders of the form $NAME or ${NAME}, which are replaced by the
+;;; value of the (possibly inherited) property NAME. It is an error if there
+;;; is no definition for the property. Substitution placeholders in the
+;;; replacement value are also expanded, recursively; the search begins
+;;; relative to the original section. (There is not a well-defined
+;;; containing section for the replacement property.) References to the
+;;; special property name `@name' is replaced by the name of the section.
+
+;;;--------------------------------------------------------------------------
+;;; Structure and conventions.
+;;;
+;;; It's probably best if you don't edit this file. Instead, install it as
+;;; `00base' in the system profiles directory, and apply your local
+;;; customizations in separate files. The numbers on the front of the
+;;; filenames ensure that they're read in the right order. The first digit
+;;; describes the source of the configuration:
+;;;
+;;; 0 Global defaults. The configuration files distributed
+;;; with distorted-keys go here. So should the default
+;;; profiles for any other key types and client packages.
+;;;
+;;; 1--4 Overrides for operating system vendors, packagers,
+;;; etc.
+;;;
+;;; 5--8 Overrides for organizational and site-specific
+;;; configuration.
+;;;
+;;; 9 Host-specific overrides.
+;;;
+;;; Section names beginning with `%' are not intended to be used directly,
+;;; but included into other sections.
+;;;
+;;; Each key type KTYPE should define two or three sections:
+;;;
+;;; %KTYPE Basic configuration common to all uses of the key
+;;; type. All profiles using the key type should include
+;;; this section. The `type' property should be defined
+;;; appropriately. The settings should be suitable for
+;;; general use by a technically able user who is not a
+;;; cryptography expert, and should aim to provide at
+;;; least a 128-bit security level.
+;;;
+;;; %KTYPE-infra Additional configuration for use as an infrastructure
+;;; key (e.g., a keeper, recovery, or archive key). If
+;;; the key type is not suitable for use as an
+;;; infrastructure key, don't define this section at
+;;; all.
+;;;
+;;; KTYPE Additional configuration for use as a user key. In
+;;; particular, this should include either `%symmetric'
+;;; or `%asymmetric' as appropriate, in order to make
+;;; available appropriate default ACLs. Typically, no
+;;; other settings will be needed.
+;;;
+;;; Other section names beginning `KTYPE-' or `%KTYPE-' are reserved for the
+;;; the use of the key type.
+
+;;;--------------------------------------------------------------------------
+;;; Common settings.
+
+;; Random bit source, for generating nubs and similar.
+random = random
+
+;; Nub generation parameters. Note that the specifics of nub generation are
+;; key-type specific.
+nub-hash = sha384
+nub-random-bytes = 512
+
+;; Hash function for computing nub hashes.
+nubid-hash = sha256
+
+;;;--------------------------------------------------------------------------
+;;; Common policy for user keys.
+;;;
+;;; All key-type profiles for user keys should include one of the following
+;;; sections.
+;;;
+;;; %asymmetric-secrecy i.e., public-key encryption and decryption.
+;;;
+;;; %asymmetric-integrity i.e., issuing and verifying digital signatures.
+;;;
+;;; %symmetric-secrecy i.e., standard symmetric encryption and decryption.
+;;;
+;;; %symmetric-integrity i.e., generating and verifyng message authentication
+;;; code tags.
+;;;
+;;; Each of these includes one or other of `%asymmetric' or `%symmetric', and
+;;; one or other of `%secrecy' or `%integrity'. Both of these include
+;;; `%common', which may therefore contain policy for all user keys.
+;;;
+;;; The `acl-ACTION' properties define access-control lists for various
+;;; ACTIONs. An ACL consists of a sequence of entries separated by spaces.
+;;; An ACL entry has the form
+;;;
+;;; [-]PATTERN
+;;;
+;;; where PATTERN may be one of the following.
+;;;
+;;; !owner The owner of the key, i.e., the user who created it.
+;;;
+;;; %GROUP Any member of a group whose name or gid matches the
+;;; glob pattern GROUP.
+;;;
+;;; USER A user whose name or uid matches the glob pattern
+;;; USER.
+;;;
+;;; An entry usually grants permission to a user who matches its pattern; if
+;;; prefixed by a `-', the entry denies permission instead. Entries are
+;;; checked in order, left to right; only the first match is significant. If
+;;; no matching entries are found then access is denied.
+;;;
+;;; ACTIONs currently defined are `encrypt', `decrypt', `sign', `verify', and
+;;; `info', corresponding to the like-named `cryptop' commands. Others may
+;;; be defined later, but their names won't contain `%' signs. The default
+;;; ACLs are defined in terms of the following internal properties.
+;;;
+;;; acl-%none No access at all, for inapplicable operations.
+;;;
+;;; acl-%private Access should always be limited to authorized users.
+;;;
+;;; acl-%public Access may be granted more widely for asymmetric key
+;;; types.
+;;;
+;;; Other useful properties are as follows.
+;;;
+;;; recovery A list of recovery keys with which encrypted copies
+;;; of the key nub should be made. The default is to
+;;; make no recovery copies, because this configuration
+;;; has no idea which recovery key to use; however, I
+;;; /stongly/ recommend that all user keys used for
+;;; secrecy be recoverable.
+
+[%common]
+
+;; ACL principal names.
+acl-%private = !owner
+acl-%none = -*
+
+;; Default ACLs.
+acl-info = $acl-%private
+acl-encrypt = $acl-%none
+acl-decrypt = $acl-%none
+acl-sign = $acl-%none
+acl-verify = $acl-%none
+
+[%symmetric]
+@include = %common
+acl-%public = $acl-%private
+
+[%asymmetric]
+@include = %common
+acl-%public = *
+
+[%secrecy]
+@include = %common
+acl-encrypt = $acl-%public
+acl-decrypt = $acl-%private
+
+[%integrity]
+@include = %common
+acl-sign = $acl-%private
+acl-verify = $acl-%public
+
+[%asymmetric-secrecy]
+@include = %asymmetric %integrity
+
+[%asymmetric-integrity]
+@include = %asymmetric %integrity
+
+[%symmetric-secrecy]
+@include = %symmetric %integrity
+
+[%symmetric-integrity]
+@include = %symmetric %integrity
+
+;;;----- That's all, folks --------------------------------------------------