-key merge param
-key \-kkeyring.pub merge alice.pub
-.VE
-Generate a private key for
-.B bob
-and extract the public half, as before:
-.VS
-key add \-adh \-pparam \-tbob \e
- \-e"now + 1 year" tripe\-dh
-key extract \-f\-secret bob.pub bob
-key \-kkeyring.pub merge bob.pub
-.VE
-and send
-.B bob.pub
-back to
-.B alice
-using some secure method.
-.RE
-.hP 4
-On
-.BR alice ,
-merge
-.B bob 's
-key into the public keyring. Now, on each host, run
-.RS
-.VS
-key \-kkeyring.pub fingerprint
-.VE
-and check that the hashes match. If the two sites have separate
-administrators, they should read the hashes to each other over the
-telephone (assuming that they can recognize each other's voices).
-.RE
-.hP 5.
-Start the
-.B tripe
-servers up. Run
-.RS
-.VS
-tripectl \-slD
-.VE
-on each of
-.B alice
-and
-.BR bob .
-.RE
-.hP 6.
-To get
-.B alice
-talking to
-.BR bob ,
-run this shell script (or one like it):
-.RS
-.VS
-#! /bin/sh
-
-tripectl add bob 200.0.2.1 4070
-ifname=`tripectl ifname bob`
-ifconfig $ifname 10.0.1.1 pointopoint 10.0.2.1
-route add -net \e
- 10.0.2.0 netmask 255.255.255.0 \e
- gw 10.0.2.1
-.VE
-Read
-.BR ifconfig (8)
-and
-.BR route (8)
-to find out about your system's variants of these commands. The
-versions shown above assume a Linux system.
-Run a similar script on
-.BR bob ,
-to tell its
-.B tripe
-server to talk to
-.BR alice .
-.RE
-.hP 7.
-Congratulations. The two servers will exchange keys and begin sending
-packets almost immediately. You've set up a virtual private network.
-.SS "Using elliptic curve keys"
-The
-.B tripe
-server can use elliptic curve Diffie-Hellman for key exchange, rather
-than traditional integer Diffie-Hellman. Given current public
-knowledge, elliptic curves can provide similar or better security to
-systems based on integer discrete log problems, faster, and with less
-transmitted data. It's a matter of controversy whether this will
-continue to be the case. The author uses elliptic curves.
-.PP
-The server works out which it
-should be doing based on the key type, which is either
-.B tripe\-dh
-for standard Diffie-Hellman, or
-.B tripe\-ec
-for elliptic curves. To create elliptic curve keys, say something like
-.VS
-key add \-aec\-param \-Cnist-p192 \-eforever \e
- \-tparam tripe\-ec\-param