3 .\" Manual for the key-management configuration files
5 .\" (c) 2008 Straylight/Edgeware
8 .\"----- Licensing notice ---------------------------------------------------
10 .\" This file is part of Trivial IP Encryption (TrIPE).
12 .\" TrIPE is free software; you can redistribute it and/or modify
13 .\" it under the terms of the GNU General Public License as published by
14 .\" the Free Software Foundation; either version 2 of the License, or
15 .\" (at your option) any later version.
17 .\" TrIPE is distributed in the hope that it will be useful,
18 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
19 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 .\" GNU General Public License for more details.
22 .\" You should have received a copy of the GNU General Public License
23 .\" along with TrIPE; if not, write to the Free Software Foundation,
24 .\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 .\"--------------------------------------------------------------------------
27 .so ../common/defs.man \" @@@PRE@@@
29 .\"--------------------------------------------------------------------------
30 .TH tripe-keys.conf 5tripe "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
32 .\"--------------------------------------------------------------------------
35 tripe-keys.conf \- configuration file format for tripe-keys
37 .\"--------------------------------------------------------------------------
44 file is a simple line-based configuration file read by
46 Lines may be empty (consist only of whitespace), be comments (first
47 non-whitespace character is
57 consists of alphanumeric characters and hyphens. Values may contain
58 substitutions, of the form
60 which are replaced by the value assigned to
64 have significance to the
66 program: these are described below. Many have sensible defaults.
67 .SS "The tripe-keys.master file"
68 The client configuration file is built by applying substitutions to the
70 file. The following tokens are substituted:
73 The sequence number of the most recently-added signing key.
76 The fingerprint of the signing key identified by
77 .BR @MASTER-SEQUENCE@ .
78 .SS "Master repository parameters"
81 The base URL of the key repository (usually with a trailing
83 Typically, this will be something like
84 .RB http://www.distorted.org.uk/vpn/ .
88 The basename for the repository archive. Default is
89 .BR tripe-keys.tar.gz .
92 The basename template for repository signatures. Default is
93 .BR tripe-keys.sig-<SEQ> .
96 portion, if any, is replaced by the sequence number of the key which
100 The URL for the key repository tarball. Default is the concatenation of
106 The URL template for key repository signatures. Default is the
113 The sequence number of the master authority's current signing key. No
114 default. Usually set up automatically.
116 .I master-keygen-flags
117 Additional options for generating master keys. Default is
121 The fingerprint of the current master signing key. No default. Usually
122 set up automatically.
125 A shell command to run by
127 after it has successfully written the
132 .B ": run upload hook"
134 .SS "Crypto parameters"
137 Key-exchange algorithm to use. Either
139 (integer Diffie-Hellman)
142 (elliptic curves). The default is
147 Key generation algorithm name to pass to
149 when generating keys.
167 Key generation algorithm name to pass to
169 when generating the parameters key.
189 when generating the parameters key. Default depends on
199 dh \-LS \-b3072 \-B256
205 Expiry time for generated keys. Default is
209 Hashing algorithm to use. Default is
213 Message authentication algorithm to use. Default is
214 .IB hash -hmac/ halfhashlen \fR,
222 Mask-generation algorithm to use. Default is
224 This is probably a good choice.
227 Symmetric encryption scheme to use. Default is
231 Signature scheme to use. Must be one of those recognized by
248 Key-generation algorithm for signing key. Default depends on
269 Signature-key generation parameters. Default depends on
279 dh \-LS \-b3072 \-B256
287 Hash function to use for making signatures. Default is
291 Oldest time we should consider a signed archive to be fresh. Default is
293 meaning that all signatures are fresh.
296 Expiry time for master signing key. Default is
300 Hash function to use for key fingerprinting. Default is
302 .SS "Master maintenance parameters"
305 Local base directory for the repository files. This probably ought to
308 character. Unexpected files in this directory will be removed by the
313 Filename for local repository tarball. Default is the concatenation of
319 Template for repository signatures. Default is the concatenation of
325 Filename for local repository configuration file. Default is
326 .IB basedir /tripe-keys.conf \fR.
330 .B "tripe-keys check"
331 command will warn about keys which will in less than
335 .\"--------------------------------------------------------------------------
341 .\"--------------------------------------------------------------------------
344 Mark Wooding, <mdw@distorted.org.uk>
346 .\"----- That's all, folks --------------------------------------------------