5 \h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
32 .TH tripe-keys 8 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
34 tripe-keys \- simple centralized key management for tripe
38 .IP "Operations supported:"
53 script implements a very simple, centralized key management system for
55 It assumes that there is a central authority who knows all the public
56 keys for a private network.
62 of public keys. It provides a way for a master authority to publish the
63 repository and for clients to obtain authentic copies of it.
65 The repository is very simple: it consists of a directory
67 full of public-key files, each named
68 .BI peer- tag .pub \fR.
70 The repository setup process creates a master signing key, stored in the
72 keyring, and a key describing the parameters to be used for generating
73 key-exchange keys, stored in
76 The master authority has a configuration file
77 .BR tripe-keys.master ,
78 usually created by copying the template provided and editing it.
80 The published repository consists of a tarball of the
82 directory, containing the key-generation parameters and all the peers'
83 public keys, and a client configuration file
85 The tarball is signed by the master authority's signing key.
87 The client configuration file is essentially a copy of
89 with some extra bits filled in: in particular, it contains the
90 fingerprint of the master signing key, so that the client can be sure
91 it's checking the right key.
93 A peer starts by downloading a copy of
95 and then making sure it's authentic. (This is one of the tricky bits.
96 The other is getting public keys back to the master authority.) This is
97 enough for the peer to fetch a copy of the repository, verify the
98 signature, and assemble a public keyring for the other peers in the
103 that simple. The system allows new signing keys to replace old ones, so
104 in fact the publication process signs the repository archive using a
105 collection of keys. Each signing key is given a sequence number. The
106 client configuration file contains the sequence number of the master
107 signing key whose fingerprint it knows. During an update, the right
108 signature is fetched and checked; if there's a new master key, then the
110 in the new repository archive will have its sequence number and
111 fingerprint: the update process will replace its configuration file with
112 the new version, and the peer will use the new key from then on.
116 program accepts some standard command-line options:
119 Print general help about
121 to standard output and exit successfully.
123 .B "\-v, \-\-version"
124 Print the version number of
126 to standard output and exit successfully.
129 Print brief usage about
131 to standard output and exit successfully.
134 .BI help\fR[ command \fR]
135 With no arguments, shows help, as for the
137 option. With an argument, shows help about that
141 Constructs a new repository and makes a signing key (as for
143 and key-exchange parameters. Fails if
148 Build a repository archive, sign it with the active signing keys, and
151 file. Copy the results to the places named by
156 respectively. (This command is currently misnamed. It only copies
157 stuff about the local filesystem. Some day it'll really upload stuff.)
160 Generate a peer key for the peer named
162 The private key ends up in
164 the public key is written to
171 Fetches a new copy of the repository archive and its signature. It
172 unpacks the archive in a temporary directory, and checks the enclosed
173 master public key against the fingerprint in the configuration file. It
174 then verifies the signature on the archive using this public key. If
175 all is well, it replaces the current
177 directory with the version in the new archive, and if necessary it
178 replaces the current configuration file with the new one in the
179 archive. It then does a
186 Generates a new master signing key. The old master key is not deleted.
189 Rebuilds the public keyring
191 from the public keys in the
196 Deletes everything which
198 might have written to a directory. In particular, it deletes
209 .BR tripe\-keys.conf (5),
212 Mark Wooding, <mdw@distorted.org.uk>