'ec': 'ec-param'}[conf['kx']]),
('kx-param', lambda: {'dh': '-LS -b3072 -B256',
'ec': '-Cnist-p256'}[conf['kx']]),
+ ('kx-attrs', ''),
('kx-expire', 'now + 1 year'),
('kx-warn-days', '28'),
('cipher', 'rijndael-cbc'),
('hash', 'sha256'),
('master-keygen-flags', '-l'),
+ ('master-attrs', ''),
('mgf', '${hash}-mgf'),
('mac', lambda: '%s-hmac/%d' %
(conf['hash'],
run('''key -kmaster add
-a${sig-genalg} !${sig-param}
-e${sig-expire} !${master-keygen-flags} -tmaster-%d tripe-keys-master
- sig=${sig} hash=${sig-hash}''' % seq)
+ sig=${sig} hash=${sig-hash} !${master-attrs}''' % seq)
run('key -kmaster extract -f-secret repos/master.pub')
###--------------------------------------------------------------------------
run('''key -krepos/param add
-a${kx-param-genalg} !${kx-param}
-eforever -tparam tripe-param
- kx-group=${kx} cipher=${cipher} hash=${hash} mac=${mac} mgf=${mgf}''')
+ kx-group=${kx} mgf=${mgf} mac=${mac}
+ cipher=${cipher} hash=${hash} ${kx-attrs}''')
cmd_newmaster(args)
###--------------------------------------------------------------------------