[tripe] / keys / tripe-keys.conf.5.in

.\" -*-nroff-*-
.\".
.\" Manual for the key-management configuration files
.\"
.\" (c) 2008 Straylight/Edgeware
.\"
.
.\"----- Licensing notice ---------------------------------------------------
.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
.\" TrIPE is free software: you can redistribute it and/or modify it under
.\" the terms of the GNU General Public License as published by the Free
.\" Software Foundation; either version 3 of the License, or (at your
.\" option) any later version.
.\"
.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
.\" FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
.\" for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
.
.\"--------------------------------------------------------------------------
.so ../common/defs.man \" @@@PRE@@@
.
.\"--------------------------------------------------------------------------
.TH tripe-keys.conf 5tripe "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
.
tripe-keys.conf \- configuration file format for tripe-keys
.
.\"--------------------------------------------------------------------------
.SH "DESCRIPTION"
.
The
.B tripe-keys.master
or
.B tripe-keys.conf
file is a simple line-based configuration file read by
.BR tripe-keys (1).
Lines may be empty (consist only of whitespace), be comments (first
non-whitespace character is
.RB ` # ')
or have the form
.IP
.I name
.RB [ = ]
.I value
.PP
A
.I name
consists of alphanumeric characters and hyphens.  Values may contain
substitutions, of the form
.BI ${ name } \fR,
which are replaced by the value assigned to
.IR name .
Many
.IR name s
have significance to the
.B tripe-keys
program: these are described below.  Many have sensible defaults.
.SS "The tripe-keys.master file"
The client configuration file is built by applying substitutions to the
.B tripe-keys.master
file.  The following tokens are substituted:
.TP
.B @MASTER-SEQUENCE@
The sequence number of the most recently-added signing key.
.TP
.B @HK-MASTER@
The fingerprint of the signing key identified by
.BR @MASTER-SEQUENCE@ .
.SS "Master repository parameters"
.TP
.B base-url
The base URL of the key repository (usually with a trailing
.RB ` / ').
Typically, this will be something like
.RB ` http://www.distorted.org.uk/vpn/ '.
No default.
.TP
.B repos-base
The basename for the repository archive.  Default is
.RB ` tripe-keys.tar.gz '.
.TP
.B sig-base
The basename template for repository signatures.  Default is
.RB ` tripe-keys.sig-<SEQ> '.
The
.RB ` <SEQ> '
portion, if any, is replaced by the sequence number of the key which
made the signature.
.TP
.B repos-url
The URL for the key repository tarball.  Default is the concatenation of
.I base-url
and
.IR repos-base .
.TP
.B sig-url
The URL template for key repository signatures.  Default is the
concatenation of
.I base-url
and
.IR sig-base .
.TP
.B master-sequence
The sequence number of the master authority's current signing key.  No
default.  Usually set up automatically.
.TP
.B master-keygen-flags
Additional options for generating master keys.  Default is
.RB ` \-l '.
.TP
.B master-attrs
Additional attributes to set on the master key,
as
.IB key = value
pairs separated by spaces.
Default is empty.
.TP
.B hk-master
The fingerprint of the current master signing key.  No default.  Usually
set up automatically.
.TP
.B upload-hook
A shell command to run by
.B tripe-keys upload
after it has successfully written the
.I repos-file
and
.IR sig-file s.
Default is
.RB ` ": run upload hook" '
which does nothing.
.SS "Crypto parameters"
.TP
.B kx
Key-exchange algorithm to use.  Either
.B dh
(integer Diffie-Hellman)
or
.B ec
(elliptic curves).  The default is
.RB ` dh '.
.ne 9
.TP
.B kx-genalg
Key generation algorithm name to pass to
.B "key add"
when generating keys.
Default depends on
.I kx
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
kx	kx-genalg
_
dh	dh
ec	ec
x25519	x25519
x448	x448
_
.TE
.ne 9
.TP
.B kx-param-genalg
Key generation algorithm name to pass to
.B "key add"
when generating the parameters key.
Default depends on
.I kx
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
kx	kx-param-genalg
_
dh	dh-param
ec	ec-param
x25519	empty
x448	empty
_
.TE
.ne 9
.TP
.B kx-param
Options to pass to
.B "key add"
when generating the parameters key.  Default depends on
.I kx
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
kx	kx-param
_
dh	\-LS \-b3072 \-B256
ec	\-Cnist-p256
x25519	\fInone
x448	\fInone
_
.TE
.ne 9
.TP
.B kx-attrs
Additional attributes to set on the parameters
(and therefore copied to peer keys),
as
.IB key = value
pairs separated by spaces.
Default depends on
.I kx
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
kx	kx-attrs
_
dh	serialization=constlen
ec	serialization=constlen
x25519	\fIempty
x448	\fIempty
_
.TE
.TP
.B kx-expire
Expiry time for generated keys.  Default is
.RB ` "now + 1 year" '.
.TP
.B hash
Hashing algorithm to use.  Default is
.RB ` sha256 '.
.TP
.B bulk
The bulk crypto transform to use.
Default is
.RB ` iiv '.
.ne 8
.TP
.B mac
Message authentication algorithm to use.
Default depends on
.I bulk
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
bulk	mac
_
v0	\fIhash\fB-hmac/\fIhalfhashlen
iiv	\fIhash\fB-hmac/\fIhalfhashlen
naclbox	poly1305/128
_
.TE
.IP
(In the above,
.I halfhashlen
is half of
.IR hash 's
output length.)
.TP
.B mgf
Mask-generation algorithm to use.  Default is
.BI \fR` hash -mgf \fR'.
This is probably a good choice.
.ne 7
.TP
.B cipher
Symmetric encryption scheme to use.
Default depends on
.I bulk
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
bulk	cipher
_
v0	rijndael-cbc
iiv	rijndael-cbc
naclbox	chacha20
_
.TE
.ne 8
.TP
.B sig
Signature scheme to use.  Must be one of those recognized by
.BR catsign (1).
Default depends on
.I kx
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
kx	sig
_
dh	dsa
ec	ecdsa
x25519	ed25519
x448	ed448
_
.TE
.ne 12
.TP
.B sig-genalg
Key-generation algorithm for signing key.  Default depends on
.I sig
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
sig	sig-genalg
_
kcdsa	dh
dsa	dsa
rsapkcs1	rsa
rsapss	rsa
ecdsa	ec
eckcdsa	ec
ed25519	ed25519
ed448	ed448
_
.TE
.ne 10
.TP
.B sig-param
Signature-key generation parameters.  Default depends on
.I sig-genalg
as follows.
.TS
center;
| ci | ci |
| lb | lb |.
_
sig-genalg	sig-param
_
dh	\-LS \-b3072 \-B256
dsa	\-b3072 \-B256
rsa	\-b3072
ec	\-Cnist-p256
ed25519	\fInone
ed448	\fInone
_
.TE
.TP
.B sig-hash
Hash function to use for making signatures.  Default is
.IR hash .
.TP
.B sig-fresh
Oldest time we should consider a signed archive to be fresh.  Default is
.RB ` always ',
meaning that all signatures are fresh.
.TP
.B sig-expire
Expiry time for master signing key.  Default is
.RB ` forever '.
.TP
.B fingerprint-hash
Hash function to use for key fingerprinting.  Default is
.IR hash .
.SS "Master maintenance parameters"
.TP
.B base-dir
Local base directory for the repository files.  This probably ought to
end in a
.RB ` / '
character.  Unexpected files in this directory will be removed by the
.RB ` "tripe-keys upload" '
command.  No default.
.TP
.B repos-file
Filename for local repository tarball.  Default is the concatenation of
.I base-dir
and
.IB repos-base .
.TP
.B sig-file
Template for repository signatures.  Default is the concatenation of
.I base-dir
and
.IR sig-base .
.TP
.B conf-file
Filename for local repository configuration file.  Default is
.BI \fR` basedir /tripe-keys.conf \fR'.
.TP
.B kx-warn-days
The
.B "tripe-keys check"
command will warn about keys which will in less than
.I kx-warn-days
days.  Default is 28.
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
.
.BR tripe (8),
.BR tripe\-keys (8).
.
.\"--------------------------------------------------------------------------
.SH "AUTHOR"
.
Mark Wooding, <mdw@distorted.org.uk>
.
.\"----- That's all, folks --------------------------------------------------
Commit	Line	Data
060ca767	1	.\" --nroff--
060ca767	2	.\".
fc916a09 MW	3	.\" Manual for the key-management configuration files
	4	.\"
	5	.\" (c) 2008 Straylight/Edgeware
	6	.\"
	7	.
	8	.\"----- Licensing notice ---------------------------------------------------
	9	.\"
	10	.\" This file is part of Trivial IP Encryption (TrIPE).
	11	.\"
11ad66c2 MW	12	.\" TrIPE is free software: you can redistribute it and/or modify it under
	13	.\" the terms of the GNU General Public License as published by the Free
	14	.\" Software Foundation; either version 3 of the License, or (at your
	15	.\" option) any later version.
fc916a09	16	.\"
11ad66c2 MW	17	.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
	18	.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	19	.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	20	.\" for more details.
fc916a09 MW	21	.\"
fc916a09 MW	22	.\" You should have received a copy of the GNU General Public License
11ad66c2	23	.\" along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
fc916a09 MW	24	.
fc916a09 MW	25	.\"--------------------------------------------------------------------------
e99aedcf	26	.so ../common/defs.man \" @@@PRE@@@
fc916a09 MW	27	.
fc916a09 MW	28	.\"--------------------------------------------------------------------------
0647ba7c	29	.TH tripe-keys.conf 5tripe "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
fc916a09 MW	30	.
fc916a09 MW	31	.\"--------------------------------------------------------------------------
060ca767	32	.SH "NAME"
fc916a09	33	.
060ca767	34	tripe-keys.conf \- configuration file format for tripe-keys
fc916a09 MW	35	.
fc916a09 MW	36	.\"--------------------------------------------------------------------------
060ca767	37	.SH "DESCRIPTION"
fc916a09	38	.
060ca767	39	The
	40	.B tripe-keys.master
	41	or
	42	.B tripe-keys.conf
	43	file is a simple line-based configuration file read by
	44	.BR tripe-keys (1).
	45	Lines may be empty (consist only of whitespace), be comments (first
	46	non-whitespace character is
	47	.RB ` # ')
	48	or have the form
	49	.IP
	50	.I name
	51	.RB [ = ]
	52	.I value
	53	.PP
	54	A
	55	.I name
	56	consists of alphanumeric characters and hyphens. Values may contain
	57	substitutions, of the form
	58	.BI ${ name } \fR,
	59	which are replaced by the value assigned to
	60	.IR name .
e04c2d50	61	Many
060ca767	62	.IR name s
	63	have significance to the
	64	.B tripe-keys
	65	program: these are described below. Many have sensible defaults.
	66	.SS "The tripe-keys.master file"
	67	The client configuration file is built by applying substitutions to the
	68	.B tripe-keys.master
	69	file. The following tokens are substituted:
	70	.TP
	71	.B @MASTER-SEQUENCE@
	72	The sequence number of the most recently-added signing key.
	73	.TP
	74	.B @HK-MASTER@
	75	The fingerprint of the signing key identified by
	76	.BR @MASTER-SEQUENCE@ .
	77	.SS "Master repository parameters"
	78	.TP
5b44a262	79	.B base-url
060ca767	80	The base URL of the key repository (usually with a trailing
	81	.RB ` / ').
	82	Typically, this will be something like
0479da8e	83	.RB ` http://www.distorted.org.uk/vpn/ '.
060ca767	84	No default.
060ca767	85	.TP
5b44a262	86	.B repos-base
060ca767	87	The basename for the repository archive. Default is
0479da8e	88	.RB ` tripe-keys.tar.gz '.
060ca767	89	.TP
5b44a262	90	.B sig-base
060ca767	91	The basename template for repository signatures. Default is
0479da8e	92	.RB ` tripe-keys.sig-<SEQ> '.
060ca767	93	The
	94	.RB ` <SEQ> '
	95	portion, if any, is replaced by the sequence number of the key which
	96	made the signature.
	97	.TP
5b44a262	98	.B repos-url
060ca767	99	The URL for the key repository tarball. Default is the concatenation of
	100	.I base-url
	101	and
	102	.IR repos-base .
	103	.TP
5b44a262	104	.B sig-url
060ca767	105	The URL template for key repository signatures. Default is the
060ca767	106	concatenation of
bdbd9326	107	.I base-url
060ca767	108	and
	109	.IR sig-base .
	110	.TP
5b44a262	111	.B master-sequence
060ca767	112	The sequence number of the master authority's current signing key. No
	113	default. Usually set up automatically.
	114	.TP
5b44a262	115	.B master-keygen-flags
7858dfa0	116	Additional options for generating master keys. Default is
6d3842b4	117	.RB ` \-l '.
7858dfa0	118	.TP
5b44a262	119	.B master-attrs
67bb121f MW	120	Additional attributes to set on the master key,
	121	as
	122	.IB key = value
	123	pairs separated by spaces.
	124	Default is empty.
	125	.TP
5b44a262	126	.B hk-master
060ca767	127	The fingerprint of the current master signing key. No default. Usually
060ca767	128	set up automatically.
b14ccd2f	129	.TP
5b44a262	130	.B upload-hook
b14ccd2f MW	131	A shell command to run by
	132	.B tripe-keys upload
	133	after it has successfully written the
	134	.I repos-file
	135	and
	136	.IR sig-file s.
	137	Default is
0479da8e	138	.RB ` ": run upload hook" '
b14ccd2f	139	which does nothing.
060ca767	140	.SS "Crypto parameters"
060ca767	141	.TP
5b44a262	142	.B kx
060ca767	143	Key-exchange algorithm to use. Either
e04c2d50	144	.B dh
060ca767	145	(integer Diffie-Hellman)
	146	or
	147	.B ec
	148	(elliptic curves). The default is
0479da8e	149	.RB ` dh '.
26936c83	150	.ne 9
060ca767	151	.TP
5b44a262	152	.B kx-genalg
256bc8d0 MW	153	Key generation algorithm name to pass to
	154	.B "key add"
	155	when generating keys.
	156	Default depends on
	157	.I kx
	158	as follows.
	159	.TS
	160	center;
	161	\| ci \| ci \|
	162	\| lb \| lb \|.
	163	_
	164	kx kx-genalg
	165	_
	166	dh dh
	167	ec ec
26936c83 MW	168	x25519 x25519
26936c83 MW	169	x448 x448
256bc8d0 MW	170	_
256bc8d0 MW	171	.TE
26936c83	172	.ne 9
256bc8d0	173	.TP
5b44a262	174	.B kx-param-genalg
256bc8d0 MW	175	Key generation algorithm name to pass to
	176	.B "key add"
	177	when generating the parameters key.
	178	Default depends on
	179	.I kx
	180	as follows.
	181	.TS
	182	center;
	183	\| ci \| ci \|
	184	\| lb \| lb \|.
	185	_
	186	kx kx-param-genalg
	187	_
	188	dh dh-param
	189	ec ec-param
26936c83 MW	190	x25519 empty
26936c83 MW	191	x448 empty
256bc8d0 MW	192	_
256bc8d0 MW	193	.TE
26936c83	194	.ne 9
256bc8d0	195	.TP
5b44a262	196	.B kx-param
060ca767	197	Options to pass to
	198	.B "key add"
	199	when generating the parameters key. Default depends on
	200	.I kx
	201	as follows.
	202	.TS
	203	center;
	204	\| ci \| ci \|
	205	\| lb \| lb \|.
	206	_
	207	kx kx-param
	208	_
ca3aaaeb	209	dh \-LS \-b3072 \-B256
060ca767	210	ec \-Cnist-p256
26936c83 MW	211	x25519 \fInone
26936c83 MW	212	x448 \fInone
060ca767	213	_
060ca767	214	.TE
26936c83	215	.ne 9
060ca767	216	.TP
5b44a262	217	.B kx-attrs
67bb121f MW	218	Additional attributes to set on the parameters
	219	(and therefore copied to peer keys),
	220	as
	221	.IB key = value
	222	pairs separated by spaces.
26936c83 MW	223	Default depends on
	224	.I kx
	225	as follows.
	226	.TS
	227	center;
	228	\| ci \| ci \|
	229	\| lb \| lb \|.
	230	_
	231	kx kx-attrs
	232	_
	233	dh serialization=constlen
	234	ec serialization=constlen
	235	x25519 \fIempty
	236	x448 \fIempty
	237	_
	238	.TE
67bb121f	239	.TP
5b44a262	240	.B kx-expire
060ca767	241	Expiry time for generated keys. Default is
0479da8e	242	.RB ` "now + 1 year" '.
060ca767	243	.TP
5b44a262	244	.B hash
060ca767	245	Hashing algorithm to use. Default is
0479da8e	246	.RB ` sha256 '.
060ca767	247	.TP
5b44a262	248	.B bulk
39bcd193 MW	249	The bulk crypto transform to use.
39bcd193 MW	250	Default is
0479da8e	251	.RB ` iiv '.
de8edc7f MW	252	.ne 8
de8edc7f MW	253	.TP
5b44a262	254	.B mac
de8edc7f MW	255	Message authentication algorithm to use.
	256	Default depends on
	257	.I bulk
	258	as follows.
	259	.TS
	260	center;
	261	\| ci \| ci \|
	262	\| lb \| lb \|.
	263	_
	264	bulk mac
	265	_
	266	v0 \fIhash\fB-hmac/\fIhalfhashlen
852e77b4	267	iiv \fIhash\fB-hmac/\fIhalfhashlen
de8edc7f MW	268	naclbox poly1305/128
	269	_
	270	.TE
	271	.IP
	272	(In the above,
060ca767	273	.I halfhashlen
	274	is half of
	275	.IR hash 's
de8edc7f	276	output length.)
060ca767	277	.TP
5b44a262	278	.B mgf
060ca767	279	Mask-generation algorithm to use. Default is
0479da8e	280	.BI \fR` hash -mgf \fR'.
060ca767	281	This is probably a good choice.
de8edc7f	282	.ne 7
060ca767	283	.TP
5b44a262	284	.B cipher
de8edc7f MW	285	Symmetric encryption scheme to use.
	286	Default depends on
	287	.I bulk
	288	as follows.
	289	.TS
	290	center;
	291	\| ci \| ci \|
	292	\| lb \| lb \|.
	293	_
	294	bulk cipher
	295	_
	296	v0 rijndael-cbc
	297	iiv rijndael-cbc
	298	naclbox chacha20
	299	_
	300	.TE
26936c83	301	.ne 8
060ca767	302	.TP
5b44a262	303	.B sig
060ca767	304	Signature scheme to use. Must be one of those recognized by
060ca767	305	.BR catsign (1).
b86e6f3f	306	Default depends on
060ca767	307	.I kx
b86e6f3f MW	308	as follows.
	309	.TS
	310	center;
	311	\| ci \| ci \|
	312	\| lb \| lb \|.
	313	_
	314	kx sig
	315	_
	316	dh dsa
	317	ec ecdsa
26936c83 MW	318	x25519 ed25519
26936c83 MW	319	x448 ed448
b86e6f3f MW	320	_
b86e6f3f MW	321	.TE
06a174df	322	.ne 12
060ca767	323	.TP
5b44a262	324	.B sig-genalg
e04c2d50	325	Key-generation algorithm for signing key. Default depends on
060ca767	326	.I sig
	327	as follows.
	328	.TS
	329	center;
	330	\| ci \| ci \|
	331	\| lb \| lb \|.
	332	_
	333	sig sig-genalg
	334	_
	335	kcdsa dh
	336	dsa dsa
f3664e7c	337	rsapkcs1 rsa
060ca767	338	rsapss rsa
	339	ecdsa ec
	340	eckcdsa ec
06a174df MW	341	ed25519 ed25519
06a174df MW	342	ed448 ed448
060ca767	343	_
060ca767	344	.TE
06a174df	345	.ne 10
060ca767	346	.TP
5b44a262	347	.B sig-param
060ca767	348	Signature-key generation parameters. Default depends on
	349	.I sig-genalg
	350	as follows.
	351	.TS
	352	center;
	353	\| ci \| ci \|
	354	\| lb \| lb \|.
	355	_
	356	sig-genalg sig-param
	357	_
ca3aaaeb MW	358	dh \-LS \-b3072 \-B256
	359	dsa \-b3072 \-B256
	360	rsa \-b3072
060ca767	361	ec \-Cnist-p256
06a174df MW	362	ed25519 \fInone
06a174df MW	363	ed448 \fInone
060ca767	364	_
	365	.TE
	366	.TP
5b44a262	367	.B sig-hash
060ca767	368	Hash function to use for making signatures. Default is
	369	.IR hash .
	370	.TP
5b44a262	371	.B sig-fresh
060ca767	372	Oldest time we should consider a signed archive to be fresh. Default is
0479da8e	373	.RB ` always ',
060ca767	374	meaning that all signatures are fresh.
060ca767	375	.TP
5b44a262	376	.B sig-expire
060ca767	377	Expiry time for master signing key. Default is
0479da8e	378	.RB ` forever '.
060ca767	379	.TP
5b44a262	380	.B fingerprint-hash
060ca767	381	Hash function to use for key fingerprinting. Default is
	382	.IR hash .
	383	.SS "Master maintenance parameters"
	384	.TP
5b44a262	385	.B base-dir
060ca767	386	Local base directory for the repository files. This probably ought to
	387	end in a
	388	.RB ` / '
838e5ce7	389	character. Unexpected files in this directory will be removed by the
0479da8e	390	.RB ` "tripe-keys upload" '
838e5ce7	391	command. No default.
060ca767	392	.TP
5b44a262	393	.B repos-file
060ca767	394	Filename for local repository tarball. Default is the concatenation of
	395	.I base-dir
	396	and
	397	.IB repos-base .
	398	.TP
5b44a262	399	.B sig-file
ca3aaaeb	400	Template for repository signatures. Default is the concatenation of
060ca767	401	.I base-dir
	402	and
	403	.IR sig-base .
	404	.TP
5b44a262	405	.B conf-file
060ca767	406	Filename for local repository configuration file. Default is
0479da8e	407	.BI \fR` basedir /tripe-keys.conf \fR'.
c2f28e4b	408	.TP
5b44a262	409	.B kx-warn-days
c2f28e4b MW	410	The
	411	.B "tripe-keys check"
	412	command will warn about keys which will in less than
	413	.I kx-warn-days
	414	days. Default is 28.
fc916a09 MW	415	.
fc916a09 MW	416	.\"--------------------------------------------------------------------------
060ca767	417	.SH "SEE ALSO"
fc916a09	418	.
060ca767	419	.BR tripe (8),
060ca767	420	.BR tripe\-keys (8).
fc916a09 MW	421	.
fc916a09 MW	422	.\"--------------------------------------------------------------------------
060ca767	423	.SH "AUTHOR"
fc916a09	424	.
060ca767	425	Mark Wooding, <mdw@distorted.org.uk>
fc916a09 MW	426	.
fc916a09 MW	427	.\"----- That's all, folks --------------------------------------------------