[tripe] / keys / tripe-keys.master

### -*-conf-*-
###
### tripe-keys configuration file
###
### see tripe-keys.conf(5) for full details

###--------------------------------------------------------------------------
### File locations (required).

## The base URL for the repository files.  Include the trailing slash if
## necessary.
# base-url = http://some.server.somewhere/blah/

## The local directory name for the repository files.  Again, include the
## trailing slash if necessary.
# base-dir = /some/directory/blah/

###--------------------------------------------------------------------------
### Crypto parameters.

## The key-exchange type.  May be `dh' or `ec'.
# kx = dh

## Key-generation parameters for key exchange group.
# kx-param = -LS -b3072 -B256
# kx-param = -Pnist-p256

## Expiry time for peer key-exchange keys.
# kx-expire = now + 1 year

## Symmetric encryption scheme to use.
# cipher = rijndael-cbc

## Hash function to use.  (We derive the MGF and MAC from this.)
# hash = sha256

## Signature scheme to use for signing/verifying repository archives.
# sig = dsa
# sig = ecdsa

## How recently an archive must have been signed to be valid.
# sig-fresh = always

## When the master signing key expires.
# sig-expire = forever

###--------------------------------------------------------------------------
### Master key integrity

## Since the master public key is contained within the repository, we must
## check its integrity: therefore we record its sequence number and
## fingerprint here.  These are filled in automatically by `tripe-keys
## upload'.  Leave them as they are.
master-sequence = @MASTER-SEQUENCE@
hk-master = @HK-MASTER@
Commit	Line	Data
ca3aaaeb MW	1	### --conf--
	2	###
	3	### tripe-keys configuration file
	4	###
	5	### see tripe-keys.conf(5) for full details
060ca767	6
ca3aaaeb MW	7	###--------------------------------------------------------------------------
ca3aaaeb MW	8	### File locations (required).
060ca767	9
ca3aaaeb MW	10	## The base URL for the repository files. Include the trailing slash if
ca3aaaeb MW	11	## necessary.
060ca767	12	# base-url = http://some.server.somewhere/blah/
060ca767	13
ca3aaaeb MW	14	## The local directory name for the repository files. Again, include the
ca3aaaeb MW	15	## trailing slash if necessary.
060ca767	16	# base-dir = /some/directory/blah/
060ca767	17
ca3aaaeb MW	18	###--------------------------------------------------------------------------
ca3aaaeb MW	19	### Crypto parameters.
060ca767	20
ca3aaaeb	21	## The key-exchange type. May be `dh' or `ec'.
060ca767	22	# kx = dh
060ca767	23
ca3aaaeb MW	24	## Key-generation parameters for key exchange group.
	25	# kx-param = -LS -b3072 -B256
	26	# kx-param = -Pnist-p256
060ca767	27
ca3aaaeb MW	28	## Expiry time for peer key-exchange keys.
ca3aaaeb MW	29	# kx-expire = now + 1 year
060ca767	30
ca3aaaeb MW	31	## Symmetric encryption scheme to use.
ca3aaaeb MW	32	# cipher = rijndael-cbc
060ca767	33
ca3aaaeb	34	## Hash function to use. (We derive the MGF and MAC from this.)
060ca767	35	# hash = sha256
060ca767	36
ca3aaaeb	37	## Signature scheme to use for signing/verifying repository archives.
060ca767	38	# sig = dsa
ca3aaaeb	39	# sig = ecdsa
060ca767	40
ca3aaaeb	41	## How recently an archive must have been signed to be valid.
060ca767	42	# sig-fresh = always
060ca767	43
ca3aaaeb	44	## When the master signing key expires.
060ca767	45	# sig-expire = forever
060ca767	46
ca3aaaeb	47	###--------------------------------------------------------------------------
575e728f	48	### Master key integrity
060ca767	49
ca3aaaeb MW	50	## Since the master public key is contained within the repository, we must
	51	## check its integrity: therefore we record its sequence number and
	52	## fingerprint here. These are filled in automatically by `tripe-keys
	53	## upload'. Leave them as they are.
575e728f	54	master-sequence = @MASTER-SEQUENCE@
060ca767	55	hk-master = @HK-MASTER@