| Commit | Line | Data |
|---|---|---|
| ca3aaaeb MW | 1 | ### -*-conf-*- |
| | 2 | ### |
| | 3 | ### tripe-keys configuration file |
| | 4 | ### |
| | 5 | ### see tripe-keys.conf(5) for full details |
| 060ca767 | 6 | |
| ca3aaaeb MW | 7 | ###-------------------------------------------------------------------------- |
| | 8 | ### File locations (required). |
| 060ca767 | 9 | |
| ca3aaaeb MW | 10 | ## The base URL for the repository files. Include the trailing slash if |
| | 11 | ## necessary. |
| 060ca767 | 12 | # base-url = http://some.server.somewhere/blah/ |
| | 13 | |
| ca3aaaeb MW | 14 | ## The local directory name for the repository files. Again, include the |
| | 15 | ## trailing slash if necessary. |
| 060ca767 | 16 | # base-dir = /some/directory/blah/ |
| | 17 | |
| ca3aaaeb MW | 18 | ###-------------------------------------------------------------------------- |
| | 19 | ### Crypto parameters. |
| 060ca767 | 20 | |
| 26936c83 | 21 | ## The key-exchange type. May be `dh', `ec', `x25519', or `x448'. |
| 060ca767 | 22 | # kx = dh |
| | 23 | |
| ca3aaaeb MW | 24 | ## Key-generation parameters for key exchange group. |
| | 25 | # kx-param = -LS -b3072 -B256 |
| cfafc073 | 26 | # kx-param = -Cnist-p256 |
| 26936c83 | 27 | # kx-param = |
| 060ca767 | 28 | |
| ca3aaaeb MW | 29 | ## Expiry time for peer key-exchange keys. |
| | 30 | # kx-expire = now + 1 year |
| 060ca767 | 31 | |
| de8edc7f | 32 | ## Bulk crypto transform to use. May be `v0', `iiv', or `naclbox'. |
| 39bcd193 MW | 33 | # bulk = iiv |
| | 34 | |
| ca3aaaeb MW | 35 | ## Symmetric encryption scheme to use. |
| | 36 | # cipher = rijndael-cbc |
| 060ca767 | 37 | |
| ca3aaaeb | 38 | ## Hash function to use. (We derive the MGF and MAC from this.) |
| 060ca767 | 39 | # hash = sha256 |
| | 40 | |
| ca3aaaeb | 41 | ## Signature scheme to use for signing/verifying repository archives. |
| 060ca767 | 42 | # sig = dsa |
| ca3aaaeb | 43 | # sig = ecdsa |
| 06a174df | 44 | # sig = ed25519 |
| 060ca767 | 45 | |
| ca3aaaeb | 46 | ## How recently an archive must have been signed to be valid. |
| 060ca767 | 47 | # sig-fresh = always |
| f220a1d7 | 48 | # sig-fresh = 28 days ago |
| 060ca767 | 49 | |
| ca3aaaeb | 50 | ## When the master signing key expires. |
| 060ca767 | 51 | # sig-expire = forever |
| | 52 | |
| ca3aaaeb | 53 | ###-------------------------------------------------------------------------- |
| 575e728f | 54 | ### Master key integrity |
| 060ca767 | 55 | |
| ca3aaaeb MW | 56 | ## Since the master public key is contained within the repository, we must |
| | 57 | ## check its integrity: therefore we record its sequence number and |
| | 58 | ## fingerprint here. These are filled in automatically by `tripe-keys |
| | 59 | ## upload'. Leave them as they are. |
| 575e728f | 60 | master-sequence = @MASTER-SEQUENCE@ |
| 060ca767 | 61 | hk-master = @HK-MASTER@ |