.RB [ \-D ]
.RB [ \-d
.IR dir ]
+.RB [ \-b
+.IR addr ]
.RB [ \-p
.IR port ]
+.br
+
.RB [ \-U
.IR user ]
.RB [ \-G
.IR group ]
+.RB [ \-a
+.IR socket ]
+.RB [ \-T
+.IR trace-opts ]
.br
.RB [ \-k
.IR pub-keyring ]
.RB [ \-t
.IR key-tag ]
-.br
-
-.RB [ \-a
-.IR socket ]
-.RB [ \-T
-.IR trace-opts ]
.SH "DESCRIPTION"
The
.B tripe
program is a server which can provide strong IP-level encryption and
-authentication between two co-operating hosts. The program and its
-protocol are deliberately very simple, to make analysing them easy and
-to help build trust rapidly in the system.
+authentication between co-operating hosts. The program and its protocol
+are deliberately very simple, to make analysing them easy and to help
+build trust rapidly in the system.
.SS "Overview"
The
.B tripe
If not given any command-line arguments,
.B tripe
will initialize by following these steps:
-.hP \*o
-It changes directory to
-.BR /var/lib/tripe .
-.hP \*o
+.hP 1.
+It sets the directory named by the
+.B TRIPEDIR
+environment variable (or
+.B /var/lib/tripe
+if the variable is unset) as the current directory.
+.hP 2.
It acquires a UDP socket with an arbitrary kernel-selected port number.
It will use this socket to send and receive all communications with its
peer servers. The port chosen may be discovered by means of the
.B PORT
admin command (see
.BR tripe\-admin (5)).
-.hP \*o
+.hP 3.
It loads the private key with the tag or type name
.B tripe\-dh
from the Catacomb-format file
They are maintained using the program
.BR key (1)
provided with the Catacomb distribution.)
-.hP \*o
+.hP 4.
It creates and listens to the Unix-domain socket
.BR tripesock .
.PP
.B .
if you don't want it to change directory at all.
.TP
+.BI "\-b, \-\-bind-address="addr
+Bind the UDP socket to IP address
+.I addr
+rather than the default of
+.BR INADDR_ANY .
+This is useful if your main globally-routable IP address is one you want
+to tunnel through the VPN.
+.TP
.BI "\-p, \-\-port=" port
Use the specified UDP port for all communications with peers, rather
than an arbitarary kernel-assigned port.
.hP 7.
Congratulations. The two servers will exchange keys and begin sending
packets almost immediately. You've set up a virtual private network.
+.SS "Using elliptic curve keys"
+The
+.B tripe
+server can use elliptic curve Diffie-Hellman for key exchange, rather
+than traditional integer Diffie-Hellman. Given current public
+knowledge, elliptic curves can provide similar or better security to
+systems based on integer discrete log problems, faster, and with less
+transmitted data. It's a matter of controversy whether this will
+continue to be the case. The author uses elliptic curves.
+.PP
+The server works out which it
+should be doing based on the key type, which is either
+.B tripe\-dh
+for standard Diffie-Hellman, or
+.B tripe\-ec
+for elliptic curves. To create elliptic curve keys, say something like
+.VS
+key add \-aec\-param \-Cnist-p192 \-eforever \e
+ \-tparam tripe\-ec\-param
+.VE
+to construct a parameters key, using your preferred elliptic curve in
+the
+.B \-C
+option (see
+.BR key (1)
+for details); and create the private keys by
+.VS
+key add \-aec \-pparam \-talice \e
+ \-e"now + 1 year" tripe\-ec
+.VE
+Now start
+.B tripe
+with the
+.B \-ttripe\-ec
+option, and all should be well.
+.SS "Using other symmetric algorithms"
+The default symmetric algorithms
+.B tripe
+uses are Blowfish (by Schneier) for symmetric encryption, and RIPEMD-160
+(by Dobbertin, Bosselaers and Preneel) for hashing and as a MAC (in HMAC
+mode, designed by Bellare, Canetti and Krawczyk). These can all be
+overridden by setting attributes on your private key, as follows.
+.TP
+.B cipher
+Names the symmetric encryption scheme to use. The default is
+.BR blowfish\-cbc .
+.TP
+.B hash
+Names the hash function to use. The default is
+.BR rmd160 .
+.TP
+.B mac
+Names the message authentication code to use. The name of the MAC may
+be followed by a
+.RB ` / '
+and the desired tag length in bits. The default is
+.IB hash \-hmac
+at half the underlying hash function's output length.
+.TP
+.B mgf
+A `mask-generation function', used in the key-exchange. The default is
+.IB hash \-mgf
+and there's no good reason to change it.
.SS "About the name"
The program's name is
.BR tripe ,
~mdw / tripe / blobdiff