.TH tripe-keys.conf 5 "14 September 2005" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
tripe-keys.conf \- configuration file format for tripe-keys
file is a simple line-based configuration file read by
Lines may be empty (consist only of whitespace), be comments (first
non-whitespace character is
consists of alphanumeric characters and hyphens. Values may contain
substitutions, of the form
which are replaced by the value assigned to
have significance to the
program: these are described below. Many have sensible defaults.
.SS "The tripe-keys.master file"
The client configuration file is built by applying substitutions to the
file. The following tokens are substituted:
The sequence number of the most recently-added signing key.
The fingerprint of the signing key identified by
.BR @MASTER-SEQUENCE@ .
.SS "Master repository parameters"
The base URL of the key repository (usually with a trailing
Typically, this will be something like
.RB http://www.distorted.org.uk/vpn/ .
The basename for the repository archive. Default is
.BR tripe-keys.tar.gz .
The basename template for repository signatures. Default is
.BR tripe-keys.sig-<SEQ> .
portion, if any, is replaced by the sequence number of the key which
The URL for the key repository tarball. Default is the concatenation of
The URL template for key repository signatures. Default is the
The sequence number of the master authority's current signing key. No
default. Usually set up automatically.
.I master-keygen-flags
Additional options for generating master keys. Default is
The fingerprint of the current master signing key. No default. Usually
set up automatically.
A shell command to be run by
after it has successfully written the
.B ": run upload hook"
.SS "Crypto parameters"
Key-exchange algorithm to use. Either
(integer Diffie-Hellman)
(elliptic curves). The default is
when generating the parameters key. Default depends on
dh \-LS \-b2048 \-B256
Expiry time for generated keys. Default is
Hashing algorithm to use. Default is
Message authentication algorithm to use. Default is
.IB hash -hmac/ halfhashlen \fR,
Mask-generation algorithm to use. Default is
This is probably a good choice.
Symmetric encryption scheme to use. Default is
Signature scheme to use. Must be one of those recognized by
Key-generation algorithm for signing key. Default depends on
Signature-key generation parameters. Default depends on
dh \-LS \-b2048 \-B256
Hash function to use for making signatures. Default is
Oldest time we should consider a signed archive to be fresh. Default is
meaning that all signatures are fresh.
Expiry time for master signing key. Default is
Hash function to use for key fingerprinting. Default is
.SS "Master maintenance parameters"
Local base directory for the repository files. This probably ought to
character. No default.
Filename for local repository tarball. Default is the concatenation of
Template for repository signatures. Default is the concatenation of
Filename for local repository configuration file. Default is
.IB basedir /tripe-keys.conf \fR.
Mark Wooding, <mdw@distorted.org.uk>