From: Mark Wooding Date: Sat, 7 Jan 2012 02:12:47 +0000 (+0000) Subject: profile.d/*: Base configuration files. X-Git-Tag: 0.99.2~45 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/distorted-keys/commitdiff_plain/c0979a8f5abf02b454aee797e2aa028360186cc4 profile.d/*: Base configuration files. Fairly detailed commentary. Makes up for the lack of useful documentation in my dreams, at least. --- diff --git a/Makefile.am b/Makefile.am index 1fc452b..9e67f9f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,6 +23,9 @@ ### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +pkgconfdir = $(sysconfdir)/$(PACKAGE) +profiledir = $(pkgconfdir)/profile.d + bin_SCRIPTS = sbin_SCRIPTS = dist_pkglib_SCRIPTS = @@ -30,6 +33,7 @@ dist_pkglib_DATA = noinst_DATA = pkglib_DATA = noinst_SCRIPTS = +dist_profile_DATA = EXTRA_DIST = CLEANFILES = @@ -45,8 +49,8 @@ SUBSTVARS = \ PACKAGE="$(PACKAGE)" VERSION="$(VERSION)" \ PYTHON="$(PYTHON)" \ bindir="$(bindir)" sbindir="$(sbindir)" \ - pkgconfdir="$(sysconfdir)/$(PACKAGE)" \ - pkgstatedir="$(localstatedir)/$(PACKAGE)" \ + pkgconfdir="$(pkgconfdir)" \ + pkgstatedir="$(localstatedir)/lib/$(PACKAGE)" \ pkglibdir="$(pkglibdir)" \ user="$(user)" @@ -115,7 +119,10 @@ cryptop: cryptop.in Makefile ## Key type libraries. dist_pkglib_DATA += ktype.gnupg +dist_profile_DATA += profile.d/01gnupg + dist_pkglib_DATA += ktype.seccure +dist_profile_DATA += profile.d/01seccure ## Commands. dist_pkglib_SCRIPTS += cryptop.genkey @@ -139,4 +146,10 @@ userv/distorted-keys: userv/distorted-keys.in Makefile >userv/distorted-keys.new && \ mv userv/distorted-keys.new userv/distorted-keys +###-------------------------------------------------------------------------- +### Configuration snippets. + +dist_profile_DATA += profile.d/00base +dist_profile_DATA += profile.d/02infra + ###----- That's all, folks -------------------------------------------------- diff --git a/profile.d/00base b/profile.d/00base new file mode 100644 index 0000000..09ac56b --- /dev/null +++ b/profile.d/00base @@ -0,0 +1,237 @@ +;;; -*-conf-*- +;;; +;;; Basic profile configuration for key management +;;; +;;; (c) 2011 Mark Wooding +;;; + +;;;----- Licensing notice --------------------------------------------------- +;;; +;;; This file is part of the distorted.org.uk key management suite. +;;; +;;; distorted-keys is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 2 of the License, or +;;; (at your option) any later version. +;;; +;;; distorted-keys is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with distorted-keys; if not, write to the Free Software Foundation, +;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +;;;-------------------------------------------------------------------------- +;;; Profile syntax. +;;; +;;; The configuration file is divided into sections, each beginning with a +;;; header enclosed in square brackets. Within a section, lines of the form +;;; +;;; NAME = VALUE +;;; +;;; define properties within that section. Property names may consist of +;;; alphanumeric characters, hyphens `-', underscores `_', and percent signs +;;; `%'; hyphens and underscores are equivalent. Several section headers may +;;; use the same name: this is entirely equivalent to a single section +;;; containing the same definitions in the same order. If two definitions in +;;; the same section have the same property name, the earlier definition is +;;; silently ignored. Properties whose names contain percent signs are +;;; used internally only, and not emitted. +;;; +;;; There are special pseudoproperties whose names begin with `@'. +;;; Currently, the only pseudoproperty defined is `@include'. The value is a +;;; list of section names separated by whitespace: the named sections are +;;; `directly included'; a section includes directly included sections, and +;;; sections included by directly included sections. It is an error for a +;;; section to include itself. If a property is defined in an included +;;; section, but not in the including section, then the property is added to +;;; (`inherited by') the including section. The property's value is +;;; determined as follows. A `candidate definition' for the property is a +;;; definition in a section S such that no section which includes S contains +;;; a definition for the property. It is an error for two candidate +;;; definitions to provide different values for the property; otherwise, the +;;; inherited value is the common value of the candidate definitions. +;;; +;;; Property definitions before the first section heading are placed in the +;;; special section `@GLOBAL', which is implicitly included in every other +;;; section. +;;; +;;; Property values (but not pseudoproperties) may contain substitution +;;; placeholders of the form $NAME or ${NAME}, which are replaced by the +;;; value of the (possibly inherited) property NAME. It is an error if there +;;; is no definition for the property. Substitution placeholders in the +;;; replacement value are also expanded, recursively; the search begins +;;; relative to the original section. (There is not a well-defined +;;; containing section for the replacement property.) References to the +;;; special property name `@name' is replaced by the name of the section. + +;;;-------------------------------------------------------------------------- +;;; Structure and conventions. +;;; +;;; It's probably best if you don't edit this file. Instead, install it as +;;; `00base' in the system profiles directory, and apply your local +;;; customizations in separate files. The numbers on the front of the +;;; filenames ensure that they're read in the right order. The first digit +;;; describes the source of the configuration: +;;; +;;; 0 Global defaults. The configuration files distributed +;;; with distorted-keys go here. So should the default +;;; profiles for any other key types and client packages. +;;; +;;; 1--4 Overrides for operating system vendors, packagers, +;;; etc. +;;; +;;; 5--8 Overrides for organizational and site-specific +;;; configuration. +;;; +;;; 9 Host-specific overrides. +;;; +;;; Section names beginning with `%' are not intended to be used directly, +;;; but included into other sections. +;;; +;;; Each key type KTYPE should define two or three sections: +;;; +;;; %KTYPE Basic configuration common to all uses of the key +;;; type. All profiles using the key type should include +;;; this section. The `type' property should be defined +;;; appropriately. The settings should be suitable for +;;; general use by a technically able user who is not a +;;; cryptography expert, and should aim to provide at +;;; least a 128-bit security level. +;;; +;;; %KTYPE-infra Additional configuration for use as an infrastructure +;;; key (e.g., a keeper, recovery, or archive key). If +;;; the key type is not suitable for use as an +;;; infrastructure key, don't define this section at +;;; all. +;;; +;;; KTYPE Additional configuration for use as a user key. In +;;; particular, this should include either `%symmetric' +;;; or `%asymmetric' as appropriate, in order to make +;;; available appropriate default ACLs. Typically, no +;;; other settings will be needed. +;;; +;;; Other section names beginning `KTYPE-' or `%KTYPE-' are reserved for the +;;; the use of the key type. + +;;;-------------------------------------------------------------------------- +;;; Common settings. + +;; Random bit source, for generating nubs and similar. +random = random + +;; Nub generation parameters. Note that the specifics of nub generation are +;; key-type specific. +nub-hash = sha384 +nub-random-bytes = 512 + +;; Hash function for computing nub hashes. +nubid-hash = sha256 + +;;;-------------------------------------------------------------------------- +;;; Common policy for user keys. +;;; +;;; All key-type profiles for user keys should include one of the following +;;; sections. +;;; +;;; %asymmetric-secrecy i.e., public-key encryption and decryption. +;;; +;;; %asymmetric-integrity i.e., issuing and verifying digital signatures. +;;; +;;; %symmetric-secrecy i.e., standard symmetric encryption and decryption. +;;; +;;; %symmetric-integrity i.e., generating and verifyng message authentication +;;; code tags. +;;; +;;; Each of these includes one or other of `%asymmetric' or `%symmetric', and +;;; one or other of `%secrecy' or `%integrity'. Both of these include +;;; `%common', which may therefore contain policy for all user keys. +;;; +;;; The `acl-ACTION' properties define access-control lists for various +;;; ACTIONs. An ACL consists of a sequence of entries separated by spaces. +;;; An ACL entry has the form +;;; +;;; [-]PATTERN +;;; +;;; where PATTERN may be one of the following. +;;; +;;; !owner The owner of the key, i.e., the user who created it. +;;; +;;; %GROUP Any member of a group whose name or gid matches the +;;; glob pattern GROUP. +;;; +;;; USER A user whose name or uid matches the glob pattern +;;; USER. +;;; +;;; An entry usually grants permission to a user who matches its pattern; if +;;; prefixed by a `-', the entry denies permission instead. Entries are +;;; checked in order, left to right; only the first match is significant. If +;;; no matching entries are found then access is denied. +;;; +;;; ACTIONs currently defined are `encrypt', `decrypt', `sign', `verify', and +;;; `info', corresponding to the like-named `cryptop' commands. Others may +;;; be defined later, but their names won't contain `%' signs. The default +;;; ACLs are defined in terms of the following internal properties. +;;; +;;; acl-%none No access at all, for inapplicable operations. +;;; +;;; acl-%private Access should always be limited to authorized users. +;;; +;;; acl-%public Access may be granted more widely for asymmetric key +;;; types. +;;; +;;; Other useful properties are as follows. +;;; +;;; recovery A list of recovery keys with which encrypted copies +;;; of the key nub should be made. The default is to +;;; make no recovery copies, because this configuration +;;; has no idea which recovery key to use; however, I +;;; /stongly/ recommend that all user keys used for +;;; secrecy be recoverable. + +[%common] + +;; ACL principal names. +acl-%private = !owner +acl-%none = -* + +;; Default ACLs. +acl-info = $acl-%private +acl-encrypt = $acl-%none +acl-decrypt = $acl-%none +acl-sign = $acl-%none +acl-verify = $acl-%none + +[%symmetric] +@include = %common +acl-%public = $acl-%private + +[%asymmetric] +@include = %common +acl-%public = * + +[%secrecy] +@include = %common +acl-encrypt = $acl-%public +acl-decrypt = $acl-%private + +[%integrity] +@include = %common +acl-sign = $acl-%private +acl-verify = $acl-%public + +[%asymmetric-secrecy] +@include = %asymmetric %integrity + +[%asymmetric-integrity] +@include = %asymmetric %integrity + +[%symmetric-secrecy] +@include = %symmetric %integrity + +[%symmetric-integrity] +@include = %symmetric %integrity + +;;;----- That's all, folks -------------------------------------------------- diff --git a/profile.d/01gnupg b/profile.d/01gnupg new file mode 100644 index 0000000..182769c --- /dev/null +++ b/profile.d/01gnupg @@ -0,0 +1,111 @@ +;;; -*-conf-*- +;;; +;;; Default configuration for GnuPG keys +;;; +;;; (c) 2012 Mark Wooding +;;; + +;;;----- Licensing notice --------------------------------------------------- +;;; +;;; This file is part of the distorted.org.uk key management suite. +;;; +;;; distorted-keys is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 2 of the License, or +;;; (at your option) any later version. +;;; +;;; distorted-keys is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with distorted-keys; if not, write to the Free Software Foundation, +;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +;;;-------------------------------------------------------------------------- +;;; GnuPG configuration. +;;; +;;; Properties defined by the key-type are as follows. All of them are +;;; optional. +;;; +;;; main-type Type of the main key. This must be an asymmetric +;;; integrity key type, e.g., `RSA', `DSA'. The default +;;; is `RSA'. +;;; +;;; main-length The size of the main key, in bits. For DSA, this is +;;; the larger field size. The default is 3072; you +;;; should set it explicitly if you override the main +;;; type. +;;; +;;; sub-type Type of the encryption subkey. This must be an +;;; asymmetric secrecy key type, e.g., `RSA', `ELG-E'. +;;; The default is `ELG-E'. +;;; +;;; sub-length The size of the subkey, as for `main-length'. The +;;; default is 3072. +;;; +;;; cipher-prefs A space-separated list of symmetric encryption +;;; algorithms, in order of decreasing preference. The +;;; default list is `AES256 AES TWOFISH 3DES BLOWFISH +;;; CAST5', but this may well change later. +;;; +;;; digest-prefs A space-separated list of message-digest (hash) +;;; algorithms, in order of decreasing preference. The +;;; default list is `SHA256 SHA1 RIPEMD160', but this may +;;; well change later. +;;; +;;; compress-prefs A space-separated list of compression algorithms, in +;;; order of decreasing preference. The default list is +;;; `ZLIB ZIP'. +;;; +;;; s2k-cipher The symmetric encryption scheme to use for encrypting +;;; private keys. The default is the first algorithm +;;; listed in `cipher-prefs'. +;;; +;;; s2k-digest The message-digest (hash) algorithm to use for +;;; deriving symmetric keys from passphrases. The +;;; default is the first algorithm listed in +;;; `digest-prefs'. +;;; +;;; realname These are used to construct the GnuPG key name as +;;; comment `$realname ($comment) <$email>'. If `comment' is +;;; email missing or `nil' then the comment field and its +;;; surrounding parentheses are omitted. A %{PARAM} +;;; placeholder in these properties is replaced by the +;;; values of the named key-generation parameter PARAM, +;;; and an error is reported if no such parameter is +;;; provided; a %{PARAM-DEFAULT} placeholder is replaced +;;; by the value of the parameter PARAM, or the string +;;; DEFAULT if no such parameter is provided. + +[%gnupg] +type = gnupg + +;; Main (integrity) key. +main-type = RSA +main-length = 3072 + +;; Subsidiary (secrecy) key. +sub-type = ELG-E +sub-length = 3072 + +;; Preferences for algorithms and compression. +cipher-prefs = AES256 AES TWOFISH 3DES BLOWFISH CAST5 +digest-prefs = SHA256 SHA1 RIPEMD160 +compress-prefs = ZLIB ZIP + +;; Identification (delegate to options). +realname = %{realname} +comment = %{comment-nil} +email = %{email} + +[gnupg] +@include = %gnupg %asymmetric + +[%gnupg-infra] +@include = %gnupg +realname = $@name $%description +email = %$%email-prefix$%tag@$%domain + +;;;----- That's all, folks -------------------------------------------------- diff --git a/profile.d/01seccure b/profile.d/01seccure new file mode 100644 index 0000000..79d9e2a --- /dev/null +++ b/profile.d/01seccure @@ -0,0 +1,57 @@ +;;; -*-conf-*- +;;; +;;; Default configuration for Seccure keys +;;; +;;; (c) 2012 Mark Wooding +;;; + +;;;----- Licensing notice --------------------------------------------------- +;;; +;;; This file is part of the distorted.org.uk key management suite. +;;; +;;; distorted-keys is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 2 of the License, or +;;; (at your option) any later version. +;;; +;;; distorted-keys is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with distorted-keys; if not, write to the Free Software Foundation, +;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +;;;-------------------------------------------------------------------------- +;;; Seccure configuration. +;;; +;;; Properties defined by the key-type are as follows. All the properties +;;; are optional. +;;; +;;; curve The name of the elliptic curve to use. See the +;;; seccure(1) man page for a list of curves. The name +;;; here can be any substring unique to a single curve. +;;; The default is `p256', which selects the NIST P256 +;;; curve. +;;; +;;; tagsz The size of the MAC tag used to ensure the integrity +;;; of encrypted messages (and therefore security against +;;; chosen-ciphertext attack). + +[%seccure] +type = seccure + +;; Curve selection. +curve = p256 + +;; MAC tag length. +tagsz = 128 + +[seccure] +@include = %seccure %asymmetric + +[%seccure-infra] +@include = %seccure + +;;;----- That's all, folks -------------------------------------------------- diff --git a/profile.d/02infra b/profile.d/02infra new file mode 100644 index 0000000..8412bc2 --- /dev/null +++ b/profile.d/02infra @@ -0,0 +1,144 @@ +;;; -*-conf-*- +;;; +;;; Default configuration for infrastructure keys +;;; +;;; (c) 2012 Mark Wooding +;;; + +;;;----- Licensing notice --------------------------------------------------- +;;; +;;; This file is part of the distorted.org.uk key management suite. +;;; +;;; distorted-keys is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 2 of the License, or +;;; (at your option) any later version. +;;; +;;; distorted-keys is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with distorted-keys; if not, write to the Free Software Foundation, +;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +;;;-------------------------------------------------------------------------- +;;; Infrastructure keys conventions. +;;; +;;; Infrastructure keys are unusual in that they don't usually have access +;;; control lists. Instead, they're used either automatically or as a direct +;;; result of action by a privileged user. +;;; +;;; Some key types (e.g., `gnupg') try to associate meaningful names with +;;; their keys. When infrastructure keys are generated, parameters are +;;; provided containing fragments of information which might be useful when +;;; constructing such names. These parameters are described in detail +;;; below. The default profile for each type of infrastructure key defines +;;; the following properties constructed from these fragments. +;;; +;;; %description A short but readable description of the key, +;;; including its purpose and label. +;;; +;;; %tag A condensed tag, containing the label and other +;;; identifying features, suitable for inclusion in the +;;; local part of an email address. +;;; +;;; Commands which generate infrastructure keys accept an option, usually +;;; `-p', to specify a profile by name; the default, which is almost always +;;; what you want, is to use the appropriate top-level profile defined here. +;;; +;;; All profiles for infrastructure keys include one of these four sections: +;;; +;;; %infra-asec `Asymmetric secrecy', i.e., public-key encryption and +;;; decryption. +;;; +;;; %infra-aint `Asymmetric integrity', i.e., issuing and verifying +;;; digital signatures. +;;; +;;; %infra-ssec `Symmetric secrecy', i.e., standard symmetric +;;; encryption and decryption. +;;; +;;; %infra-sint `Symmetric integrity', i.e., generating and verifyng +;;; message authentication code tags. +;;; +;;; Each of these simply includes two further sections (though they're useful +;;; if you want to select different key types for different purposes): one of +;;; `%infra-asymm' or `%infra-symm' according to whether the key is +;;; asymmetric or symmetric, and one of `%infra-sec' or `%infra-int' +;;; according to whether it's for secrecy or integrity. +;;; +;;; (Currently, there are no symmetric infrastructure keys.) + +[%infra-common] + +[%infra-sec] +@include = %infra-common + +[%infra-int] +@include = %infra-common + +[%infra-asymm] +@include = %gnupg-infra %infra-common + +[%infra-symm] +@include = %infra-common + +[%infra-asec] +@include = %infra-asymm %infra-sec + +[%infra-aint] +@include = %infra-asymm %infra-int + +[%infra-ssec] +@include = %infra-symm %infra-sec + +[%infra-sint] +@include = %infra-symm %infra-int + +;;;-------------------------------------------------------------------------- +;;; Keeper sets. +;;; +;;; Name fragment parameters supplied: +;;; +;;; keeper The label of the keeper set. +;;; +;;; seq Sequence number of this key in the set (from 0, up +;;; to NUM - 1). +;;; +;;; num The number of keys in the set. + +[keeper] +@include = %infra-asec +%description = %{keeper} %{seq}/%{num} +%tag = %{keeper}-%{seq} + +;;;-------------------------------------------------------------------------- +;;; Recovery keys. +;;; +;;; Name fragment parameters supplied. +;;; +;;; recov The label of the recovery key. + +[recovery] +@include = %infra-asec +%description = %{recov} +%tag = %{recov} + +;;;-------------------------------------------------------------------------- +;;; Archive integrity keys. +;;; +;;; These are user keys (so that users can verify archives with them). The +;;; properties here assume a parameter `label' is provided at generation +;;; time. + +[archive] +@include = %infra-aint %archive +%description = %{label} +%tag = %{label} + +[%archive] +@include = %asymmetric-integrity +acl-sign = $acl-%none + +;;;----- That's all, folks --------------------------------------------------