server/, keys/: Add bulk crypto transform based on NaCl `crypto_secretbox'.

[tripe] / server / tripe.8.in

diff --git a/server/tripe.8.in b/server/tripe.8.in
index bdac42185e3f6077a1a77a7671ed4b8d4f6c0c94..c19ee57a100e769f61ec3914cf18dfba72e077b9 100644 (file)
--- a/server/tripe.8.in
+++ b/server/tripe.8.in
@@ -412,6 +412,34 @@ more significantly, the transform is entirely deterministic, so (a) it
 doesn't need the (possibly slow) random number generator, and (b) it
 closes a kleptographic channel, over which a compromised implementation
 could leak secret information to a third party.
+.TP
+.B naclbox
+A transform based on the NaCl
+.B crypto_secretbox
+transformation.
+The main difference is that NaCl uses XSalsa20,
+while TrIPE uses plain Salsa20 or ChaCha,
+because it doesn't need the larger nonce space.
+You can set the
+.B cipher
+key attribute to one of
+.BR salsa20 ,
+.BR salsa20/12 ,
+.BR salsa20/8 ,
+.BR chacha20 ,
+.BR chacha12 ,
+or
+.B chacha8
+to select the main cipher.
+You can set the
+.B mac
+key attribute to
+.B poly1305
+or
+.B poly1305/128
+but these are the default and no other choice is permitted.
+(This is for forward compatibility,
+in case other MACs and/or tag sizes are allowed later.)
 .SS "Other key attributes"
 The following attributes can also be set on keys.
 .TP