### -*-conf-*- ### ### tripe-keys configuration file ### ### see tripe-keys.conf(5) for full details ###-------------------------------------------------------------------------- ### File locations (required). ## The base URL for the repository files. Include the trailing slash if ## necessary. # base-url = http://some.server.somewhere/blah/ ## The local directory name for the repository files. Again, include the ## trailing slash if necessary. # base-dir = /some/directory/blah/ ###-------------------------------------------------------------------------- ### Crypto parameters. ## The key-exchange type. May be `dh', `ec', `x25519', or `x448'. # kx = dh ## Key-generation parameters for key exchange group. # kx-param = -LS -b3072 -B256 # kx-param = -Cnist-p256 # kx-param = ## Expiry time for peer key-exchange keys. # kx-expire = now + 1 year ## Bulk crypto transform to use. May be `v0', `iiv', or `naclbox'. # bulk = iiv ## Symmetric encryption scheme to use. # cipher = rijndael-cbc ## Hash function to use. (We derive the MGF and MAC from this.) # hash = sha256 ## Signature scheme to use for signing/verifying repository archives. # sig = dsa # sig = ecdsa # sig = ed25519 ## How recently an archive must have been signed to be valid. # sig-fresh = always # sig-fresh = 28 days ago ## When the master signing key expires. # sig-expire = forever ###-------------------------------------------------------------------------- ### Master key integrity ## Since the master public key is contained within the repository, we must ## check its integrity: therefore we record its sequence number and ## fingerprint here. These are filled in automatically by `tripe-keys ## upload'. Leave them as they are. master-sequence = @MASTER-SEQUENCE@ hk-master = @HK-MASTER@