\h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
.TH tripe-keys.conf 5 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
tripe-keys.conf \- configuration file format for tripe-keys
file is a simple line-based configuration file read by
Lines may be empty (consist only of whitespace), be comments (first
non-whitespace character is
consists of alphanumeric characters and hyphens. Values may contain
substitutions, of the form
which are replaced by the value assigned to
have significance to the
program: these are described below. Many have sensible defaults.
.SS "The tripe-keys.master file"
The client configuration file is built by applying substitutions to the
file. The following tokens are substituted:
The sequence number of the most recently-added signing key.
The fingerprint of the signing key identified by
.BR @MASTER-SEQUENCE@ .
.SS "Master repository parameters"
The base URL of the key repository (usually with a trailing
Typically, this will be something like
.RB http://www.distorted.org.uk/vpn/ .
The basename for the repository archive. Default is
.BR tripe-keys.tar.gz .
The basename template for repository signatures. Default is
.BR tripe-keys.sig-<SEQ> .
portion, if any, is replaced by the sequence number of the key which
The URL for the key repository tarball. Default is the concatenation of
The URL template for key repository signatures. Default is the
The sequence number of the master authority's current signing key. No
default. Usually set up automatically.
The fingerprint of the current master signing key. No default. Usually
set up automatically.
A shell command to run by
after it has successfully written the
.B ": run upload hook"
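The line syntax and substitutions described above, together with the <SEQ> signature template, as an added Python example (not code from tripe-keys itself). The `#` comment marker, the `key = value` separator, the `${key}` substitution form and the key names in the sample are assumptions, since this page does not show them; substitutions are resolved from keys assigned earlier in the file.

```python
import re

# Assumed syntax (not shown on this page): '#' starts a comment,
# assignments are 'key = value', substitutions are written '${key}'.
ASSIGN_RE = re.compile(r"^([A-Za-z0-9-]+)\s*=\s*(.*)$")
SUBST_RE = re.compile(r"\$\{([A-Za-z0-9-]+)\}")

class ConfError(ValueError):
    """Raised for a malformed line or a reference to an unset key."""

def parse_conf(text):
    """Parse the text into a dict, expanding substitutions from earlier keys."""
    conf = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # empty line or comment
        m = ASSIGN_RE.match(line)
        if m is None:
            raise ConfError(f"line {lineno}: not an assignment: {raw!r}")
        key, value = m.groups()

        def expand(ref):
            # Fail closed on an unset key instead of expanding to ''.
            if ref.group(1) not in conf:
                raise ConfError(f"line {lineno}: unset key {ref.group(1)!r}")
            return conf[ref.group(1)]

        conf[key] = SUBST_RE.sub(expand, value)
    return conf

def sig_name(template, seq):
    """Replace the <SEQ> portion, if any, with the key's sequence number."""
    return template.replace("<SEQ>", str(seq))

# Constructed sample; the key names are hypothetical, the values are the
# examples and defaults quoted on this page.
SAMPLE = """\
# repository layout
base-url = http://www.distorted.org.uk/vpn/
archive = tripe-keys.tar.gz
archive-url = ${base-url}${archive}
sig-template = tripe-keys.sig-<SEQ>
"""

if __name__ == "__main__":
    conf = parse_conf(SAMPLE)
    print(conf["archive-url"], sig_name(conf["sig-template"], 3))
```

Rejecting a reference to an unset key, rather than expanding it to an empty string, keeps a typo in a key name from silently producing a wrong repository URL.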
.SS "Crypto parameters"
Key-exchange algorithm to use. Either
(integer Diffie-Hellman)
(elliptic curves). The default is
when generating the parameters key. Default depends on
dh \-LS \-b2048 \-B256
Expiry time for generated keys. Default is
Hashing algorithm to use. Default is
Message authentication algorithm to use. Default is
.IB hash -hmac/ halfhashlen \fR,
Mask-generation algorithm to use. Default is
This is probably a good choice.
Symmetric encryption scheme to use. Default is
Signature scheme to use. Must be one of those recognized by
Key-generation algorithm for signing key. Default depends on
Signature-key generation parameters. Default depends on
dh \-LS \-b2048 \-B256
Hash function to use for making signatures. Default is
Oldest time we should consider a signed archive to be fresh. Default is
meaning that all signatures are fresh.
Expiry time for master signing key. Default is
Hash function to use for key fingerprinting. Default is
.SS "Master maintenance parameters"
Local base directory for the repository files. This probably ought to
character. No default.
Filename for local repository tarball. Default is the concatenation of
Template for repository signatures. Default is the concatenation of
Filename for local repository configuration file. Default is
.IB basedir /tripe-keys.conf \fR.
Mark Wooding, <mdw@distorted.org.uk>